DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continuation
This application is a continuation application of US 16/909,910 (filed on Jun. 23, 2020 – now U.S. Patent No. 10,860,731), which is a continuation-in-part application of US 16/837,746 (filed on Apr. 1, 2020). The prosecution history and references cited in the above applications have been fully considered.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/11/2020 and 3/19/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 2, 5, 6, 8, 9, 12-16, 19, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 9-12 of U.S. Patent No. 10,860,731. Although the claims at issue are not identical, they are not patentably distinct from each other because independent claims 1 and 8 of the current application recite methods from the point of view of the “service provider device” and the “user access provider”, wherein the methods are indistinct from the method of dependent claim 9 of the conflicting patent. Independent claim 15 of the current application is a non-transitory computer-readable medium storing instruction that correspond to the steps recited in method claim 8 of the current application. The same reasoning provided for claim 8 is also applicable to claim 15. Claim 15 differs in scope (a “non-transitory computer-readable medium”) from the method of claim 8, otherwise claim 15 recites steps that are not patentably distinct from the steps of the conflicting method claims.
For example, see the following comparison table between claims of the current application and conflicting patent.
Current application (17/095667)
Conflicting patent (US 10,860,731)
1. A method for permission-based management of user data via a distributed ledger, the method comprising:
8. A method for permission-based management of user data via a distributed ledger, the method comprising:

configuring, by a user access provider (UAP) device, a set of permissions for a first user, the set of permissions configured to grant or deny access to data of the first user by a plurality of service providers; storing, by the UAP device, a public key at a memory, the public key corresponding to a private key associated with the first user;
receiving, by a service provider device, a set of permissions from a user access provider (UAP) device, the set of permissions authorizing the service provider device to perform one or more actions with respect to data of a user;
transmitting, by the UAP device, permission data to a set of service providers of the plurality of service providers, the permission data comprising permissions associated with sharing data of the first user among the set of service providers; (Comment: the conflicting limitations are directed to “transmitting”, e.g. from the point of view of the UAP device, the same data recited in the current limitations, e.g. from the point of view of the service provider device that is “receiving”)

receiving, by the UAP device, an authentication request from a first service provider of the set of service providers, the authentication request corresponding to a request to authenticate the first user as a source of data provided to the first service provider device; determining, by the UAP device, whether the first user is the source of the data based on the public key, wherein the first user signs data provided to the plurality of service providers using a private key corresponding to the public key;
receiving, by the service provider device, first data from the user; storing, by the service provider device, the first data to a portion of a distributed ledger maintained by a service provider node, wherein the service provider node corresponds to the service provider device;
transmitting, by the UAP device, an authorization response to the first service provider device, wherein the authorization response authorizes storage of the data to a portion of the distributed ledger maintained by the first service provider based on the first user being determined as the source of the data, and wherein the data is synchronized to other portions of the distributed ledger maintained by other service providers of the set of service providers based on the permission data. (Comment: emphasis in the underlined portions)

9. The method of claim 8, further comprising:
receiving, by the service provider device, revocation information from the UAP device, wherein the revocation information indicates access the data of the user by the service provider device has been revoked; 
receiving, by the UAP device, a permission revocation message from the first user, the permission revocation message revoking access of the first service provider to at least a portion of the first data recorded on the distributed ledger by the first service provider node; 

transmitting, by the UAP device, a revocation notice to the first service provider node, the revocation notice configured to inform the first service provider that access to at least the portion of the first data by the first service provider has been revoked by the first user, 
and deleting, by the service provider device, at least a portion of the data of the user from the distributed ledger maintained by the service provider node based on the revocation information.
and wherein the revocation notice is configured to purge at least the portion of the first data from portion of the distributed ledger maintained by the first service provider.


8. A method for permission-based management of user data via a distributed ledger, the method comprising:
8. A method for permission-based management of user data via a distributed ledger, the method comprising:
configuring, by a user access provider (UAP) device, a set of permissions for a user, the set of permissions configured to grant or deny access to data of the user by a plurality of service providers;
configuring, by a user access provider (UAP) device, a set of permissions for a first user, the set of permissions configured to grant or deny access to data of the first user by a plurality of service providers;

storing, by the UAP device, a public key at a memory, the public key corresponding to a private key associated with the first user;
distributing, by the UAP device, permission data to a set of service providers of the plurality of service providers, the permission data comprising permissions authorizing the set of service providers to access data of the user, wherein the set of service providers store and share the data of the user based on the permissions;
transmitting, by the UAP device, permission data to a set of service providers of the plurality of service providers, the permission data comprising permissions associated with sharing data of the first user among the set of service providers;

receiving, by the UAP device, an authentication request from a first service provider of the set of service providers, the authentication request corresponding to a request to authenticate the first user as a source of data provided to the first service provider device; determining, by the UAP device, whether the first user is the source of the data based on the public key, wherein the first user signs data provided to the plurality of service providers using a private key corresponding to the public key; transmitting, by the UAP device, an authorization response to the first service provider device, wherein the authorization response authorizes storage of the data to a portion of the distributed ledger maintained by the first service provider based on the first user being determined as the source of the data, and wherein the data is synchronized to other portions of the distributed ledger maintained by other service providers of the set of service providers based on the permission data.

9. The method of claim 8, further comprising:
modifying, by the UAP device, the permission data associated with the set of service providers based on information received from the user, wherein the modifying includes revoking access to the data of the user by at least one service provider of the set of service providers;
receiving, by the UAP device, a permission revocation message from the first user, the permission revocation message revoking access of the first service provider to at least a portion of the first data recorded on the distributed ledger by the first service provider node; (Comment: the user changes the permissions to revoke access based on a message – “information” – from the user)
and transmitting, by the UAP device, revocation information to the at least one service provider that indicates the authorization to access the data of the user by the at least one service provider has been revoked, wherein the at least one service provider deletes the data of the user from a portion of the distributed ledger maintained by at least one service provider node corresponding to the at least one service provider based on the revocation information.
transmitting, by the UAP device, a revocation notice to the first service provider node, the revocation notice configured to inform the first service provider that access to at least the portion of the first data by the first service provider has been revoked by the first user, and wherein the revocation notice is configured to purge at least the portion of the first data from portion of the distributed ledger maintained by the first service provider.


Allowable Subject Matter
Claims 3, 4, 7, 10, 11, 17, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2019/0205563: Discloses terminating access to personal information data by a first platform entity by adding a second authorized access data block to the authorized access data blockchain that removes a first platform identifier from the authorized access data. See [0162].
US 10,291,395: Discloses using a distributed ledger system for securely storing data. The data is encrypted and distributed to processing nodes of the distributed ledger system. See Abstract.
US 2018/0082024: Discloses a patient revoking access to a health provider by recording a consent revocation document in consent and data exchange ledger to invalidate previously granted consent. See [0098]-[0100].

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        5-19-2022