DETAILED ACTION
This Office Action is in response to the application 16/960,664 filed on July 08th, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 2-67 were canceled. Claims 1 and 68-86 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 07/08/2020, 07/10/2020, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Priority
Acknowledgement is made of Applicant’s claim for foreign priority under 35 U.S.C. 119(a)-(d) to Application No. 18151466.2, the signed copy having been filed on January 12th, 2018.


Claim Objections
Claim 85 objected to because claim 85, line 1 “a non-transitory computer readable medium” is the medium claim that refers back to claim 1. The Office considers any claim that refers to another claim as dependent thereon, i.e., a dependent claim. Since claim 1 is a method comprising three elements and claim 85 fails to add, delete, or changes any of these steps, claim 85 fails to further limit its parent claim. Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the claim(s) in independent form.
Claim 86 objected to because claim 86, line 1 “a non-transitory computer readable medium” is the medium claim that refers back to claim 73. The Office considers any claim that refers to another claim as dependent thereon, i.e., a dependent claim. Since claim 73 is a method comprising three elements and claim 86 fails to add, delete, or changes any of these steps, claim 86 fails to further limit its parent claim. Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the claim(s) in independent form.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 and 68-86 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Oberhauser et al. (Oberhauser), U.S. Pub. Number 2017/0222814.
Regarding claim 1; Oberhauser discloses a method for setting up a microservice (par. 0043; fig. 2; personal data service (PDS) 200.) comprising:
receiving a medical dataset (pars. 0020-0022; personal data including healthcare data stored in PDS 200; the healthcare data cannot be produced by a PDS it is received; at least the storage receives the data in order for it to be stored.);
receiving accessing entity information describing an accessing entity (par. 0145; sensitive attribute values such as passport number may be protected using multi-key authorization; i.e., a user may seek authorization to change such an attribute value by presenting multiple keys upon authentication.); and
setting up the microservice based on the accessing entity information (par. 0154; once the data and privacy rules are provided, the particular service in form of the PDS is set up; key are necessary to change attributes; only correctly set attributes like a passport number, mean that a service is correctly set up.), the microservice containing the medical dataset in an encrypted form (par. 0134; security in a hosting environment may be improved by encrypting data handled by a privacy layer component such as a PDS so that a hosting entity may not be able to access the data as written to a physical or virtual disk.), and including an access logic based on the accessing entity information (par. 0137; fig. 8; the process 800 is initiated by a user attempting to change an item of personal data stored in the privacy layer component, which may trigger an access control check at the privacy layer; a privacy layer access control mechanism may include an authentication and/or authorization process, which may be more or less stringent depending on a type of action being requested by the user.), the access logic defining access conditions to the medical dataset and configured to grant access to the medical dataset upon the access conditions being fulfilled (par. 0154; authorization granted access.).
Regarding claim 68; Oberhauser discloses the method of claim 1, wherein the medical dataset relates to a patient, and wherein the accessing entity is different from the patient (par. 0020; healthcare provider account includes a patient.).
Regarding claim 69; Oberhauser discloses the method of claim 1, wherein the accessing entity information includes access credentials, stored related to the microservice, wherein the access logic defines the access conditions based on the access credentials, and wherein the access conditions are fulfilled upon the access credentials being related to a requesting entity requesting access to the medical dataset (par. 0023; a PDS may be programmed to protect privacy by restricting access to personal data stored in the PDS; i.e., one or more credentials may be required to authenticate a user attempting to log into the PDS.).
Regarding claim 70; Oberhauser discloses the method of claim 69, wherein the access credentials are an access certificate and the access conditions are fulfilled upon the access certificate being related to the requesting entity (par. 0046; the personal management component may maintain an audit trail of some or all actions performed via the user interface; this may allow the user to identify any unauthorized action such as an attacker using credentials stolen from the user; the audit trail may be used by an investigator to determine if the user engaged in any fraudulent behavior.).
Regarding claim 71; Oberhauser discloses the method of claim 70, wherein the access certificate belongs to the accessing entity and wherein the access certificate is related to the requesting entity upon the identity of the requesting entity being verified by the access certificate (par. 0113; attribute values may be verified by trusted entities, such as government agencies (e.g., passport authorities), employers, financial institutions; a trusted entity may verify a value of an attribute by inspecting physical documents (e.g., birth certificates, driver’s licenses, social security cards, pay slips) and/or interviewing a user in person.).
Regarding claim 72; Oberhauser discloses the method of claim 70, wherein the access certificate belongs to the microservice and is derived from a certificate belonging to the accessing entity, and wherein the access certificate is related to the requesting entity upon the identity of the requesting entity being verified by the certificate belonging to the accessing entity (par. 0113; upon successful verification, the trusted entity may cause a corresponding attribute attestation to be in a VERIFIED state; if there is any issue, the trusted entity may cause the corresponding attribute attestation to be in an INVALID state.).
Regarding claims 73-79; Claims 73-79 are directed to method which have similar scope as claims 1 and 68-72. Therefore, claims 73-79 remain un-patentable for the same reasons.
Regarding claims 80-84; Claims 80-84 are directed to method which have similar scope as claims 1 and 68-72. Therefore, claims 80-84 remain un-patentable for the same reasons.
Regarding claim 84; Claim 84 is directed to method which have similar scope as claim 1. Therefore, claim 84 remains un-patentable for the same reasons.
Regarding claim 84; Claim 85 is directed to method which have similar scope as claim 1. Therefore, claim 85 remains un-patentable for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/
Primary Examiner, Art Unit 2436