DETAILED ACTION
Responsive to the Applicant reply filed on 04/05/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in following.
Claims 1-20 remain pending in the application.
Claims 1, 9 , 12 and 18 have been amended. 
Claims 1-20 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/05/2022 has been entered.
 
Response to Amendment
The amendment filed 04/05/2022 has been entered. Claims 1, 9 , 12 and 18 have been amended. Therefore, the rejection of claim 18 under 35 USC § 112 has been withdrawn.

Response to Arguments
Applicant’s arguments, filed 04/05/2022, with respect to the rejection(s) of claim(s) 1, 9 and 12 under claim Rejections - 35 USC § 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made over Awaraji et al. (US 20140172719 A1) in view of Harper et al. (US 6651060 B1) in view of Dunn (US 7912971 B1). Please refer to the 35 U.S.C. § 103 section below for the detailed rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”) in view of Dunn (US 7912971 B1).
Regarding claim 1, (Currently Amended) Awaraji discloses a non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising instructions to (Fig. 2): 
obtain a request, from a requestor, to use a customer-consent data record associated with a particular customer ([0036-0038] This process preferably begins at Step 11, in which a client requests service from a service provider. The client [“particular customer”] then provides their consent to the service as part of Step 13. In Step 14, the service provider [“requestor”] requests information from a trusted information broker [“obtain a request”]. The trusted information broker can manage access to information about a variety of clients), wherein a consent indication indicates usages of the customer-consent data record that are designated permissible or impermissible by the particular customer ([0039] Clients can select the level of detail [“by the particular customer”] to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information);
validate that the requested use of the customer-consent data record is permissible based on the consent indication ([0039-0041] Clients can select the level of detail to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information. This request is transmitted as part of Step 15. The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16); 
based on the validation, grant the requested use of the customer-consent data record to the requestor ([0041-0042] The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16. In Step 17, the service provider is advised of the results of the information request made in Step 14, and is given access to any information to which the service provider has been granted access); 
receive an execution indication from the requestor that the requestor executed the granted use of the customer-consent data record in accordance with the consent indication that the validation is based ([0041-0044] In Step 18, the service provider provides services to the client, and captures additional information. Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof [“execution indication”]. This is illustrated in part by FIG. 2. In FIG. 2, the trusted information broker may obtain information about the client from Service Provider 1, encrypt such information, and store the encrypted information with Service Provider 2. This provides a distributed, redundant storage mechanism that greatly increases overall system reliability. Each entity returns the information to the trusted information broker as part of Step 23); and 
in association with the consent indication, store a record of tracked granted use and the received execution indication in an audit log associated with the particular customer ([0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof  [“execution indication”]. This is illustrated in part by FIG. 2. Each entity returns the information to the trusted information broker as part of Step 23; [0048] all transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail. Such logging preferably includes a record of the transaction which is digitally signed by the entity performing the transaction).
Although Awaraji teaches, in para. 0038-0039, “as part of Step 14, if the service provider is not preauthorized to access the information, the trusted information broker sends a request to the client to permit the service provider to access the information”, it may not explicitly teach “confirm an identity of the requestor.”
In a same field of endeavor, Harper discloses the processor, wherein confirm an identity of the requestor (col. 11 ln. 22-25, The data processing center 82 includes means for associating each request 94 with its corresponding authorization 96, typically a human or electronic processor that compares identification codes of each).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji with the teachings of Harper to confirm an identity of the requestor. One of ordinary skill in the art would have been motivated to make this modification because a requestor may generate a request for records and sends the request and a digitized version of the signed authorization  to the data processing center (col. 11 ln. 6-9). Thus, a proper authorization are electronically received from a requestor by a data processing center (col. 3 ln. 41-43).
 Although Awaraji teaches, in para. 0041 and 0049, “In Step 18, the service provider provides services to the client, and captures additional information; This audit trail capability can be particularly advantageous in implementations of the system in financial and other institutions where access to confidential information”, it may not explicitly teach “track the granted use of the customer-consent data record to the requestor”. 
In a same field of endeavor, Dunn discloses the processor, wherein track the granted use of the customer-consent data record to the requestor (col. 16 ln.66-col. 17 ln. 02, The consent store 440 keeps track of whether access is granted or affirmatively denied by the user each time consent user interface 410 is invoked).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji and Harper with the teachings of Dunn to track the granted use of the customer-consent data record to the requestor. One of ordinary skill in the art would have been motivated to make this modification because a policy engine using an advanced logic capability (e.g., fuzzy logic) could refer to consent store to reference how the user specifically responded to previous requests by the client in ambiguous situations (col. 17 ln. 04-07).

Regarding claim 2, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses the non-transitory machine-readable storage medium as recited in claim 1, wherein the customer-consent data record associated with the particular customer includes sensitive personal information (SPI) that can be used to identify, contact, or locate the particular customer ([Awaraji: 0008] use or disclosure of personal information including, but not limited to: requirements that entities maintaining personal data establish policies to protect such data; requirements that entities maintaining personal data establish policies to regulate access to such data; requirements permitting individuals access to, and the opportunity to correct, any personal information held by entities; and requirements that entities maintaining personal data give notice to individuals regarding a breach involving such personal data).

Regarding claim 3, (Previously Presented) the combination of Awaraji, Harper and Dunn disclose the non-transitory machine-readable storage medium as recited in claim 1, wherein the customer-consent data record associated with the particular customer includes information associated with the particular customer selected from a group consisting of full name, home address, mailing address, billing address, shipping address, email address, identification number, account identifier, passport number, driver's license number, Internet Protocol (IP) number, vehicle registration number, image of face, description of facial features, image of fingerprint, image of handwriting, image of signature, credit card numbers, bank account numbers, digital identity, date of birth, birthplace, genetic information, medical data, telephone number, login or username, gender, race, ethnicity, age, criminal record, online cookie information, web browsing history, place of residence, citizenship, legal status, marital status, social security number, religious preference, sexual orientation, security clearance, mother's maiden name, military records, disability information, biometrics, employment information and history, and some combination thereof ([Awaraji: 0049] confidential information (e.g., credit card numbers, bank account numbers, other account numbers, passwords, personal biographical information, criminal records or other law enforcement records, records of minors, etc.) must, by law, be limited and/or logged [“bank account numbers, criminal record, citizenship, legal status, security clearance”]; [0064] a surgeon, in his role as a client, is preferably allowed to view any or all medical records pertaining to himself and his medical history, while the same surgeon is preferably limited to viewing only those medical records to which he has access that pertain to another client [“birthplace, genetic information, medical data”]).

Regarding claim 4, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses non-transitory machine-readable storage medium as recited in claim 1, wherein a requested use of the customer-consent data record includes actions performed on or with some portion of the customer-consent data record, the actions are selected from a group consisting of reading, copying, viewing, editing, analyzing, writing, modifying, accessing, sharing, accessing for advertising purposes, accessing for marketing purposes, accessing to facilitate generating a customized experience for the particular customer, accessing for product or service feedback or surveys, accessing for improving customer service, accessing to reduce risk of fraud, gathering metrics, and some combination thereof ([Awaraji: 0048] With respect to logging data correction transactions, in the case where a service provider refuses to change information in a client's record [“editing, analyzing, writing, modifying, accessing”], the trusted information broker can record the dispute and the differing versions of the record [“reading, copying, viewing, sharing,”]).

Regarding claim 5, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses the non-transitory machine-readable storage medium as recited in claim 1, wherein the audit log is an indexed data record containing a history of actions taken that use the customer-consent data record based on usage grants ([Awaraji: 0049] The audit trail feature of the invention may be used to create a log of any parameter associated with a record access transaction or record change transaction [“history of actions taken”]. Such parameters include, e.g., an identification of the person requesting the transaction, an identification of the agency requesting the transaction, the date of the transaction, reasons listed for viewing the restricted information, particular documents or records accessed, and any changes made to records).

Regarding claim 6, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses the non-transitory machine-readable storage medium as recited in claim 1 further comprising instructions to: 
receive a request from the particular customer to access or change the customer-consent data record associated with the particular customer ([Awaraji: 0046] the client initiates a data correction/change request as part of Step 41. In Step 42, the trusted information broker transmits the request to the service provider); 
grant the requested access or change of the customer-consent data record to the particular customer ([Awaraji: 0046] The grant or denial of the request is transmitted to the trusted information broker as part of Step 43); 
track the granted requested access or change of the customer- consent data record to the particular customer ([Awaraji: 0041] The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16. In Step 17, the service provider is advised of the results of the information request made in Step 14, and is given access to any information to which the service provider has been granted access. In Step 18, the service provider provides services to the client, and captures additional information); 
store the tracked access or change in the audit log associated with the particular customer ([Awaraji: 0042] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof; [0047-0048] all data maintained by the present invention is permanently stored. All transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail).

Regarding claim 12, (Currently Amended) Awaraji discloses a non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising instructions to: 
obtain a request, from a requestor, to perform a data transaction with a customer- consent data record, wherein the customer-consent data record and a consent indication are each associated with a particular customer ([0036-0038] This process preferably begins at Step 11, in which a client requests service from a service provider. The client [“particular customer”] then provides their consent to the service as part of Step 13. In Step 14, the service provider [“requestor”] requests information [“obtain a request”] from a trusted information broker. The trusted information broker can manage access to information about a variety of clients), the consent indication indicating usages of the customer-consent data record that are designated permissible or impermissible by the particular customer ([0039] Clients can select the level of detail to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information); 
validate that the requested data transaction with the customer-consent data record is permissible based on the consent indication ([0039-0041] Clients can select the level of detail to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information. This request is transmitted as part of Step 15. The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16); 
based on the validation, grant the requested data transaction with the customer- consent data record to the requestor ([0041-0042] The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16. In Step 17, the service provider is advised of the results of the information request made in Step 14, and is given access to any information to which the service provider has been granted access); 
in association with the consent indication, store a record of the granted data transaction in an audit log associated with the particular customer ([0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof  [“execution indication”]. This is illustrated in part by FIG. 2. Each entity returns the information to the trusted information broker as part of Step 23; [0048] all transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail. Such logging preferably includes a record of the transaction which is digitally signed by the entity performing the transaction).
Although Awaraji teaches, in para. 0038-0039, “as part of Step 14, if the service provider is not preauthorized to access the information, the trusted information broker sends a request to the client to permit the service provider to access the information”, it may not explicitly teach “confirm an identity of the requestor.”
In a same field of endeavor, Harper discloses the processor, wherein confirm an identity of the requestor (col. 11 ln. 22-25, The data processing center 82 includes means for associating each request 94 with its corresponding authorization 96, typically a human or electronic processor that compares identification codes of each).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji with the teachings of Harper to confirm an identity of the requestor. One of ordinary skill in the art would have been motivated to make this modification because a requestor may generate a request for records and sends the request and a digitized version of the signed authorization  to the data processing center (col. 11 ln. 6-9). Thus, a proper authorization are electronically received from a requestor by a data processing center (col. 3 ln. 41-43).
Although Awaraji teaches, in para. 0041 and 0049, “In Step 18, the service provider provides services to the client, and captures additional information; This audit trail capability can be particularly advantageous in implementations of the system in financial and other institutions where access to confidential information”, it may not explicitly teach “track the granted data transaction with the customer-consent data record to the requestor”. 
In a same field of endeavor, Dunn discloses the processor, wherein track the granted data transaction with the customer-consent data record to the requestor (col. 16 ln.66-col. 17 ln. 02, The consent store 440 keeps track of whether access is granted or affirmatively denied by the user each time consent user interface 410 is invoked).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji and Harper with the teachings of Dunn to track the granted data transaction with the customer-consent data record to the requestor. One of ordinary skill in the art would have been motivated to make this modification because a policy engine using an advanced logic capability (e.g., fuzzy logic) could refer to consent store to reference how the user specifically responded to previous requests by the client in ambiguous situations (col. 17 ln. 04-07).

Regarding claim 14, (Previously Presented) the combination of Awaraji, Harper, Dunn discloses the non-transitory machine-readable storage medium as recited in claim 12, wherein the granted data transaction is selected from a group consisting of reading, copying, viewing, editing, analyzing, writing, modifying, accessing, sharing, accessing for advertising purposes, accessing for marketing purposes, accessing to facilitate generating a customized experience for the particular customer, accessing for product or service feedback or surveys, accessing for improving customer service, accessing to reduce risk of fraud, gathering metrics, and some combination thereof ([Awaraji: 0048] With respect to logging data correction transactions, in the case where a service provider refuses to change information in a client's record [“editing, analyzing, writing, modifying, accessing”], the trusted information broker can record the dispute and the differing versions of the record [“reading, copying, viewing, sharing,”]).


Claims 7, 8, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”) in view of Dunn (US 7912971 B1) as applied to claim 1 and 12 above, and further in view of PINSKI et al. (US 20190087892 A1 hereinafter “Pinski”).
Regarding claim 7, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses may not disclose, but Pinski, which is a same field of endeavor, discloses the non-transitory machine-readable storage medium as recited in claim 1 further comprising instructions to: 
receive a request from a requesting party to access the audit log associated with the particular customer ([0058] An audit can be requested for a particular account through consumer notation U/I 210, service representative U/I 220. At 920, the consent inquiry function 230 receives request to conduct an audit);
 validate that the requested access to the audit log is permissible by the requesting party ([0063] the consumer notation U/I 210 tries to authenticate the user by one or more methods); 
grant the requested access to the audit log to the requesting party ([0064] Service representative U/I 220 accepts inquiries for consent records with some required authentication); 
provide the audit log to the requesting party ([0058] At 921, the transactions or entries in the blockchain as recorded by consent node DB 240 is compared to the transactions as recorded in the bank core system 140. At 922, inconsistent or non-matching transactions are flagged by the consent inquiry function 230, and can be provided through consumer notation U/I 210 or service representative U/I).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji, Harper and Dunn with the teachings of Pinski to receive a request from a requesting party to access the audit log associated with the particular customer; validate that the requested access to the audit log is permissible by the requesting party; grant the requested access to the audit log to the requesting party; provide the audit log to the requesting party. One of ordinary skill in the art would have been motivated to make this modification because the blockchain of the third party external system can be utilized to conduct audits of the bank core system that handles the opening of accounts and transactions conducted. Such an implementation can flag inconsistencies between the blockchain and the bank core system, and be maintained as a verifiable record against the bank system, thereby preventing the generation of unknown or fraudulent accounts without consent from the consumer (para. 0037).

Regarding claim 8, (Previously Presented) the combination of Awaraji, Harper, Dunn and Pinski discloses the non-transitory machine-readable storage medium as recited in claim 7, wherein the requesting party is the particular customer ([Pinski: 0058] An audit can be requested for a particular account [“particular customer”] through consumer notation U/I 210, service representative U/I 220. At 921, the transactions or entries in the blockchain as recorded by consent node DB 240 is compared to the transactions as recorded in the bank core system 140 [“particular customer” since it is validated after comparing the transactions b/t 3rd party Consent Record DB and Bank Core System]).

Regarding claim 15, (Previously Presented) the combination of Awaraji, Harper and Dunn discloses may not disclose, but Pinski, which is a same field of endeavor, discloses the non-transitory machine-readable storage medium as recited in claim 12 further comprising instructions to: 
receive a request from a requesting party to access the audit log associated with the particular customer ([0058] An audit can be requested for a particular account through consumer notation U/I 210, service representative U/I 220. At 920, the consent inquiry function 230 receives request to conduct an audit); 
validate that the requested access to the audit log is permissible by the requesting party ([0063] the consumer notation U/I 210 tries to authenticate the user by one or more methods); 
grant the requested access to the audit log to the requesting party ([0064] Service representative U/I 220 accepts inquiries for consent records with some required authentication); 
provide the audit log to the requesting party ([0058] At 921, the transactions or entries in the blockchain as recorded by consent node DB 240 is compared to the transactions as recorded in the bank core system 140. At 922, inconsistent or non-matching transactions are flagged by the consent inquiry function 230, and can be provided through consumer notation U/I 210 or service representative U/I).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji, Harper and Dunn with the teachings of Pinski to receive a request from a requesting party to access the audit log associated with the particular customer; validate that the requested access to the audit log is permissible by the requesting party; grant the requested access to the audit log to the requesting party; provide the audit log to the requesting party. One of ordinary skill in the art would have been motivated to make this modification because the blockchain of the third party external system can be utilized to conduct audits of the bank core system that handles the opening of accounts and transactions conducted. Such an implementation can flag inconsistencies between the blockchain and the bank core system, and be maintained as a verifiable record against the bank system, thereby preventing the generation of unknown or fraudulent accounts without consent from the consumer (para. 0037).

Regarding claim 20, (Previously Presented) the combination of Awaraji, Harper and Dunn may not discloses, but Pinski, which is a same field of endeavor, discloses the non-transitory machine-readable storage medium as recited in claim 1, wherein the audit log includes a history of interactions with the consumer-consent data record and is implemented according to blockchain technology ([0058] An audit can be requested for a particular account through consumer notation U/I 210, service representative U/I 220, or can be conducted periodically, or can be conducted through any desired implementation. At 920, the consent inquiry function 230 receives request to conduct an audit. At 921, the transactions or entries in the blockchain as recorded by consent node DB 240 is compared to the transactions as recorded in the bank core system 140 [“a history of interactions with the consumer-consent data record”]).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji, Harper and Dunn with the teachings of Pinski to include audit log having a history of interactions with the consumer-consent data record and is implemented according to blockchain technology. One of ordinary skill in the art would have been motivated to make this modification because the blockchain of the third party external system can be utilized to conduct audits of the bank core system that handles the opening of accounts and transactions conducted. Such an implementation can flag inconsistencies between the blockchain and the bank core system, and be maintained as a verifiable record against the bank system, thereby preventing the generation of unknown or fraudulent accounts without consent from the consumer (para. 0037).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”) in view of Dunn (US 7912971 B1) as applied to claim 12 above, and further in view of Publicover et al. (US 20160253710 A1 hereinafter “Publicover”).
Regarding claim 13, (Previously Presented) the combination of Awaraji, Harper and Dunn may not explicitly teach, but Publicover, which is a same field of endeavor, discloses the non-transitory machine-readable storage medium as recited in claim 12, wherein the granted data transaction includes actions performed on or with the customer-consent data record ([0384] a SyncGroup's authorization may change from its initial setting [“customer-consent data record”] by some form of mutual consent, some of which consent may be offered by default for some members based upon preferences in their own Profile [“customer-consent data record”]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination to incorporate the teachings of Publicover by providing actions are selected from a group consisting of accessing for advertising purposes, accessing for marketing purposes, accessing to facilitate generating a customized experience for the particular customer, accessing for product or service feedback or surveys, accessing for improving customer service, gathering metrics. One of ordinary skill in the art would have been motivated to do so because targeted Content can be provided in individual and/or group environments. In a group environment, Users and/or Devices can be grouped into a shared advertising group and Targeted Content can be selected based on Profiles of one or more members of the group (Abs.).


Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”).
Regarding claim 9, (Currently Amended) Awaraji discloses a method comprising: 
obtaining a request, from a requestor, for a data transaction with a customer-consent data record associated with a particular customer ([0036-0038] This process preferably begins at Step 11, in which a client requests service from a service provider. The client [“particular customer”] then provides their consent to the service as part of Step 13. In Step 14, the service provider [“requestor”] requests information from a trusted information broker [“obtain a request”]. The trusted information broker can manage access to information about a variety of clients), wherein a consent indication indicates usages of the customer-consent data record that are designated permissible or impermissible by the particular customer ([0039] Clients can select the level of detail [“by the particular customer”] to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information); 
validating that the requested data transaction is permissible based on the consent indication ([0039-0041] Clients can select the level of detail to be included in such a request, ranging from generic, category-level descriptions of the information, to detailed, record-specific descriptions of the information. This request is transmitted as part of Step 15. The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16); 
based on the validation, granting the requested data transaction to the requestor ([0041-0042] The client's approval/rejection of the request is transmitted back to the trusted information broker as part of Step 16. In Step 17, the service provider is advised of the results of the information request made in Step 14, and is given access to any information to which the service provider has been granted access); and
 in association with the consent indication that the validation is based, storing a record of the grant of the data transaction in an audit log associated with the particular customer ([0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof. This is illustrated in part by FIG. 2. Each entity returns the information to the trusted information broker as part of Step 23; [0048] all transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail. Such logging preferably includes a record of the transaction which is digitally signed by the entity performing the transaction).
Although Awaraji teaches, in para. 0038-0039, “as part of Step 14, if the service provider is not preauthorized to access the information, the trusted information broker sends a request to the client to permit the service provider to access the information”, it may not explicitly teach “confirm an identity of the requestor.”
In a same field of endeavor, Harper discloses the processor, wherein confirm an identity of the requestor (col. 11 ln. 22-25, The data processing center 82 includes means for associating each request 94 with its corresponding authorization 96, typically a human or electronic processor that compares identification codes of each).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji with the teachings of Harper to confirm an identity of the requestor. One of ordinary skill in the art would have been motivated to make this modification because a requestor may generate a request for records and sends the request and a digitized version of the signed authorization  to the data processing center (col. 11 ln. 6-9). Thus, a proper authorization are electronically received from a requestor by a data processing center (col. 3 ln. 41-43).

Regarding claim 10, (Previously Presented) the combination of Awaraji and Harper discloses the method as recited in claim 9 further comprising: 
receiving an execution indication from the requestor that the requestor executed the granted data transaction in accordance with the consent indication that the validation is based ([Awaraji: 0041-0044] In Step 18, the service provider provides services to the client, and captures additional information. Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof [“execution indication”]. This is illustrated in part by FIG. 2. In FIG. 2, the trusted information broker may obtain information about the client from Service Provider 1, encrypt such information, and store the encrypted information with Service Provider 2. This provides a distributed, redundant storage mechanism that greatly increases overall system reliability. Each entity returns the information to the trusted information broker as part of Step 23); 
in association with the consent indication that the validation is based, storing a record of the received execution indication in the audit log ([0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof  [“execution indication”]. This is illustrated in part by FIG. 2. Each entity returns the information to the trusted information broker as part of Step 23; [0048] all transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail. Such logging preferably includes a record of the transaction which is digitally signed by the entity performing the transaction).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”) as applied to claim 9 above, and further in view of PINSKI et al. (US 20190087892 A1 hereinafter “Pinski”).
Regarding claim 11, (Previously Presented) the combination of Awaraji and Harper may not disclose, but Pinski, which is a same field of endeavor, discloses the method as recited in claim 9 further comprising: 
receiving a request from a requesting party to access the audit log associated with the particular customer ([0058] An audit can be requested for a particular account through consumer notation U/I 210, service representative U/I 220. At 920, the consent inquiry function 230 receives request to conduct an audit);
validating that the requested access to the audit log is permissible by the requesting party ([0063] the consumer notation U/I 210 tries to authenticate the user by one or more methods); 
grant the requested access to the audit log to the requesting party ([0064] Service representative U/I 220 accepts inquiries for consent records with some required authentication); 
provide the audit log to the requesting party ([0058] At 921, the transactions or entries in the blockchain as recorded by consent node DB 240 is compared to the transactions as recorded in the bank core system 140. At 922, inconsistent or non-matching transactions are flagged by the consent inquiry function 230, and can be provided through consumer notation U/I 210 or service representative U/I).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji, Harper and Dunn with the teachings of Pinski to receive a request from a requesting party to access the audit log associated with the particular customer; validate that the requested access to the audit log is permissible by the requesting party; grant the requested access to the audit log to the requesting party; provide the audit log to the requesting party. One of ordinary skill in the art would have been motivated to make this modification because the blockchain of the third party external system can be utilized to conduct audits of the bank core system that handles the opening of accounts and transactions conducted. Such an implementation can flag inconsistencies between the blockchain and the bank core system, and be maintained as a verifiable record against the bank system, thereby preventing the generation of unknown or fraudulent accounts without consent from the consumer (para. 0037).


Claims 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Awaraji et al. (US 20140172719 A1 hereinafter “Awaraji”) in view of Harper et al. (US 6651060 B1 hereinafter “Harper”) in view of Dunn (US 7912971 B1) as applied to claim1 and further in view of Wiederspohn et al. (US 20190005210 A1 hereinafter “Wiederspohn”).
Regarding claim 16, (Previously Presented) Although Awaraji teach, in para. 0052, “As illustrated in FIG. 5 a and described above, a symmetric key is generated and used to encrypt communications between the trusted information broker and the service provider. The encrypted information is stored in a transaction record, to which a transaction ID is also assigned”, the combination of Harper and Dunn may not explicitly disclose, but Wiederspohn, which is a same field of endeavor, discloses the non-transitory machine-readable storage medium as recited in claim 1, wherein 
granting the requested use of the customer-consent data record to the requestor includes sending a grant to the requestor, the grant including a unique grant identifier ([0042-0043] the consent 302 may be based on the consent template 132 of FIG. 1. The consent 302 is associated with a tenant identified by tenant ID 304 (e.g., the tenant of the computing platform 100 of FIG. 1) and a unique consent ID 306 [“unique grant identifier”]; [0075] at 1025, a copy of the individual consent data record is sent in an event message to notify the 3rd party recipient for a consent event (e.g., creation of the individual consent data record) [“sending a grant to the requestor”]).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Awaraji, Harper and Dunn with the teachings of Wiederspohn to grant the requested use of the customer-consent data record to the requestor includes sending a grant to the requestor, the grant including a unique grant identifier. One of ordinary skill in the art would have been motivated to make this modification because an individual consent data record identifies consent given [or identifier] by a data subject to an application system to process data associated with the data subject, such as personal data of the data subject, in association with a functionality of the application system (para. 0028). Therefore, the consent data record may be uniquely identified based on a corresponding data subject and computer-implemented application system (para. 0019).

Regarding claim 17, (Previously Presented) the combination of Awaraji, Harper, Dunn and Wiederspohn discloses the non-transitory machine-readable storage medium as recited in claim 16, wherein the execution indication includes the unique grant identifier ([Awaraji: 0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof  [“execution indication”]; [Wiederspohn: 0028] The consent template 132 [analogous to “execution indication”] may be instantiated by the application system 160 when the user 102 accesses the application system 160; [0042-0043] the consent 302 [including consent ID “unique grant identifier”] may be based on the consent template 132 of FIG. 1).

Regarding claim 18, (Previously Presented) the combination of Awaraji, Harper, Dunn and Wiederspohn discloses the non-transitory machine-readable storage medium as recited in claim 17, wherein the grant identifier is included in the execution indication to positively and uniquely identify the grant which formed the basis for the granted use of the customer-consent data record ([Awaraji: 0042-0044] Information captured as part of Step 18 can be stored at the trusted information broker, stored at the service provider, distributed in a secure manner across service providers, or any combination thereof  [“execution indication”]; [Wiederspohn: 0028] The consent template 132 [analogous to “execution indication”] may be instantiated by the application system 160 when the user 102 accesses the application system 160; [0042-0043] the consent 302 [including consent ID “uniquely identify the grant”] may be based on the consent template 132 of FIG. 1).

Regarding claim 19, (Previously Presented) the combination of Awaraji, Harper, Dunn and Wiederspohn discloses the non-transitory machine-readable storage medium as recited in claim 16, wherein the unique grant identifier is included in the audit log ([Awaraji: 0048] all transactions, such as, but not limited to, data access and data correction requests, and the results thereof, are preferably logged by the trusted information broker, thereby creating an audit trail; [0052] As illustrated in FIG. 5 a and described above, a symmetric key is generated and used to encrypt communications between the trusted information broker and the service provider. The encrypted information is stored in a transaction record, to which a transaction ID [analogous to “unique grant identifier”] is also assigned; [Wiederspohn: 0042-0043] the consent 302 [including consent ID “uniquely identify the grant”] may be based on the consent template 132 of FIG. 1).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524. The examiner can normally be reached 9:00 AM- 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.S./Examiner, Art Unit 2493                                                                                                                                                                                                        
/Jeremy S Duffield/Primary Examiner, Art Unit 2498