DETAILED ACTION

Response to Arguments
Applicant's arguments ("REMARKS") filed May 30, 2022 have been fully considered, and they are persuasive. However, upon further consideration, a new ground of rejection has been issued. 
Claims 1-15 and 18-19 are currently pending. Claims 1, 10-13, and 18-19 were amended. Claims 1 and 18-19 are independent.  

Re: Claim Rejection under 35 U.S.C. § 101
The rejection of claim 19 under 35 U.S.C. § 101 has been withdrawn in view of the amendments indicated on p. 8 of the REMARKS.

Re: Claim Rejections under 35 U.S.C. § 103
Applicant’s arguments, on pp. 8-13 of the REMARKS, in response to the rejection of the claims under 35 U.S.C. §103 with respect to Bulleit et al., US 2018/0060496 A1, in view of Hahn et al., US 9,646,172 B2, have been fully considered and are persuasive. However, a new ground of rejection has been asserted in view of King et al., US 2012/0246115 A1. See Claim Rejections – 35 USC § 103 below for further details.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claims 1-7 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit et al., US 2018/0060496 A1 (hereinafter, “Bulleit ‘496”), in view of Hahn et al., US 9,646,172 B2 (hereinafter, “Hahn ‘172”), and further in view of King et al., US 2012/0246115 A1 (hereinafter, “King ‘115”).

As per claim 1: Bulleit ‘496 discloses: 
A computer-implemented method for managing third-party access to data (computer-implemented method for controlling electronic access to data with respect to third party users, such as healthcare providers [Bulleit ‘496, ¶¶6-8]), comprising: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]),

logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to access certain portions or data elements of the HIR based on access operations specified in the stored permissions [Bulleit ‘496, ¶¶11-12, 113, 146, 205; Fig. 6, Fig. 18, Fig. 19]), 
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprise location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).

As stated above, Bulleit ‘496 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; … applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:

…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using a time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).

Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172, namely to apply a time-dependent transformation based on a time period seed, as disclosed in Hahn ‘172, to an element within the access token disclosed in Bulleit ‘496. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62). 

As stated above, Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; …”.
King ‘115, however, discloses:
… permissions data (Access Control List (ACL) [King ‘115, ¶44]) defines 
… a plurality of permissible operations (the ACL defines a set, list, or other specification of privileges associated with an object or data, where the privileges may be a plurality of operations such as access, delete, modify, move, open, save, etc. [King ‘115, ¶60]) and 
one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; (the ACL defines the specific data or portions of the data associated with the privileges, such as particular file, folder, table, database object, row, column, etc.; for example, ACL table 350 includes i) a privilege column 352 defining the operations, ii) a database table column 354 defining the data or portions of the data that the operations are performed on, and iii) an authorized role column 356 defining the parties with the permissions [King ‘115, ¶¶60, 136-138; Fig. 10]) … 

Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of King ‘115, namely to implement the access permissions of Bulleit ‘496 as an ACL, as defined in King ‘115, where the ACL includes a plurality of privileged operations, each associated with/may be performed on the HIR data or portions of the HIR data. The motivation for doing so would be to have greater control over the access and other operations of user-requested data by using an ACL, where an ACL is able to define privileges and permissions with a high level of specificity and adjustability (see King ‘115, ¶¶60, 86, 141). 

As per claim 2: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein determining the validity comprises determining if the at least one requested operation is a permissible operation (determining the validity of the request of the operation to access a particular HIR validation, comprises determining whether the permission to access is within the permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]).

As per claim 3: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of logging the permission data in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]).

As per claim 4: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of logging the electronic token in the distributed public ledger (creation of the access token may be recorded within the healthcare blockchain 180, thus maintaining an immutable journal of all access token creation and issuance events [Bulleit ‘496, ¶11]).

As per claim 5: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein the distributed public ledger provides nonrepudiation of the request and the validity (the blockchain 180 ensures the integrity of the request and validity through the verification of the digital signatures associated with the requesting third party’s 102 CSI [Bulleit ‘496, ¶¶56, 60, 64, 110]).

As per claim 6: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Bulleit ‘496 discloses:
wherein the distributed public ledger is a blockchain (blockchain 180 [Bulleit ‘496, ¶46, Fig. 1]).

As per claim 7: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising a step of communicating the request to a host of the data (communicating the request to access data within EHR 140 to the resource systems 150, where the resource system 150 hosts the EHR 140 [Bulleit ‘496, ¶¶50, 112; Fig. 1, Fig. 6]).

As per claim 18: Bulleit ‘496 discloses:
A computing apparatus comprising a memory and one or more processors, wherein the memory comprises computer readable code which, when executed by the one or more processors, is arranged to perform a method (a computer comprising a processor executing instructions stored on computer-readable memory to execute a method [Bulleit ‘496, ¶212]), the method comprising the steps of: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]),

logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), 
creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to access certain portions or data elements of the HIR based on access operations specified in the stored permissions [Bulleit ‘496, ¶¶11-12, 113, 146, 205; Fig. 6, Fig. 18, Fig. 19]),  
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprise location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).

As stated above, Bulleit ‘496 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; … applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:

…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using a time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).

Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172.

As stated above, Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; …”.
King ‘115, however, discloses:
… permissions data (Access Control List (ACL) [King ‘115, ¶44]) defines 
… a plurality of permissible operations (the ACL defines a set, list, or other specification of privileges associated with an object or data, where the privileges may be a plurality of operations such as access, delete, modify, move, open, save, etc. [King ‘115, ¶60]) and 
one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; (the ACL defines the specific data or portions of the data associated with the privileges, such as particular file, folder, table, database object, row, column, etc.; for example, ACL table 350 includes i) a privilege column 352 defining the operations, ii) a database table column 354 defining the data or portions of the data that the operations are performed on, and iii) an authorized role column 356 defining the parties with the permissions [King ‘115, ¶¶60, 136-138; Fig. 10]) … 

Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of King ‘115.

As per claim 19: Bulleit ‘496 discloses:
A non-transitory computer-readable data storage medium storing computer-readable instructions which, when executed by one or more processors (computer usable medium for storing computer readable code or program instructions executed by a processor to perform a method [Bulleit ‘496, ¶212]), perform a method comprising steps of: 
receiving, from a third-party computer, a request to access data (receiving, from a requesting third party user 102 on a client system 104, such as a healthcare provider, a request to access data within electronic health records (EHR) 140 [Bulleit ‘496, ¶¶7-9, 50; Fig. 1]), wherein the request is indicative of at least one requested operation (wherein the request is indicative of an operation to access a particular healthcare information resource (HIR) [Bulleit ‘496, ¶¶11, 100, 109]); 
determining a validity of each of the at least one requested operations indicated in the request (determining the validity of the request of the operation to access a particular HIR comprises verifying the identity of the requesting third party’s 102 certified self-sovereign identity (CSI) [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]) in dependence on permission data stored in a distributed public ledger (where the validation and verification is dependent on permissions stored on the blockchain 180 [Bulleit ‘496, ¶¶8, 10-11, 96, 110; Fig. 1]), 
wherein said permissions data defines, for said third-party computer, (the permissions define, for the third party user 102 such as a healthcare provider, a set of access operations indicating which particular HIRs the third party is allowed to access [Bulleit ‘496, ¶¶10-11, 19-20, 96]) and 
one or more permissible data attributes associated with (certain portions or data elements of the HIR that third party users 102 are allowed to access based on certain condition/stipulations specified in the stored permissions [Bulleit ‘496, ¶¶6, 20, 146, 205-206; Fig. 18, Fig. 19]),


logging the request and the validity in the distributed public ledger (maintain a record and activity log of requests and permissions on the blockchain 180 [Bulleit ‘496, ¶¶13, 116]); 
for each of the at least one requested operations, if the requested operation is valid (for each of the operations to access a particular HIR, determine if the request is valid by verifying the identity of the requesting third party user’s 102 CSI [Bulleit ‘496, ¶¶9, 14, 16, 18, 110; Fig. 6]), 
creating, on the public ledger, an electronic token (if the request is valid, generate an access token on the blockchain 180 [Bulleit ‘496, ¶¶10-11, 110; Fig. 6])
enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation (the access token enables third party users 102 to access certain portions or data elements of the HIR based on access operations specified in the stored permissions [Bulleit ‘496, ¶¶11-12, 113, 146, 205; Fig. 6, Fig. 18, Fig. 19]), 
wherein the electronic token comprises at least information indicative of a location of the data attributes (the access token may be implemented as an OAuth2 token, where OAuth2 tokens comprise location information of the requested resource [Bulleit ‘496, ¶¶61, 105, 110, 145]); 

communicating the electronic token from the public ledger to the third-party computer (communicating the access token from the blockchain 180 to the third party user 102 [Bulleit ‘496, ¶¶11-13]).

As stated above, Bulleit ‘496 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; … applying a time-dependent transformation to an element of the electronic token”.
Hahn ‘172, however, discloses:

…applying a time-dependent transformation to an element of the electronic token (warrant 530, where a warrant 530 is used to access securely stored data; applying a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using a time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).

Bulleit ‘496 and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 and Hahn ‘172 before them, to modify the method in Bulleit ‘496 to include the teachings of Hahn ‘172.

As stated above, Bulleit ‘496 in view of Hahn ‘172 does not explicitly disclose: “… permissions data defines … a plurality of permissible operations and one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; …”.
King ‘115, however, discloses:
… permissions data (Access Control List (ACL) [King ‘115, ¶44]) defines 
… a plurality of permissible operations (the ACL defines a set, list, or other specification of privileges associated with an object or data, where the privileges may be a plurality of operations such as access, delete, modify, move, open, save, etc. [King ‘115, ¶60]) and 
one or more permissible data attributes associated with each of the plurality of permissible operations, wherein each of the plurality of permissible operations is an operation which may be performed using the data; (the ACL defines the specific data or portions of the data associated with the privileges, such as particular file, folder, table, database object, row, column, etc.; for example, ACL table 350 includes i) a privilege column 352 defining the operations, ii) a database table column 354 defining the data or portions of the data that the operations are performed on, and iii) an authorized role column 356 defining the parties with the permissions [King ‘115, ¶¶60, 136-138; Fig. 10]) … 

Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172) and King ‘115 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172) to include the teachings of King ‘115.


Claims 8-12 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of King ‘115, and further in view of Leicher et al., US 2013/0191884 A1 (hereinafter, “Leicher ‘884”).

As per claim 8: Bulleit ‘496 in view of Hahn ‘172, and further in view of King ‘115 discloses all limitations of claim 1, as stated above, from which claim 8 is dependent upon. Bulleit ‘496 in view of Hahn ‘172, and further in view of King ‘115 does not explicitly disclose the limitations of claim 8.
Leicher ‘884, however, discloses:
wherein the information indicative of the location of the data attributes (requested user data is retrieved from user information endpoints, where an access token may comprise the locations of the endpoints [Leicher ‘884, ¶¶6, 26, 43-44, 120; Fig. 8, Fig. 9]) is at least one URL (the location information in the access token may be URLs [Leicher ‘884, ¶¶119-121]).

Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) to include the teachings of Leicher ‘884, namely to have HIR location information within the access token, as disclosed in Bulleit ‘496, to be represented in URL format as disclosed in Leicher ‘884. The motivation for doing so would be to take advantage of certain access token implementations and protocols, such as JSON/HTTP/OAuth, which have URL integration (see Leicher ‘884, ¶¶43, 45).

As per claim 9: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 discloses all limitations of claims 1 and 8, as stated above, all from which claim 9 is dependent upon. Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 does not explicitly disclose the limitations of claim 9.
Leicher ‘884, however, discloses:
wherein the URL (the URLs within the access token containing location information [Leicher ‘884, ¶¶43-44, 53, 100, 114, and the corresponding Tables]) further comprises an ID of the third-party computer (“aud”, the intended audience of the token, where “aud” may include a client id [Leicher ‘884, ¶¶48, 77, 103, and the corresponding Tables]) and an ID of an owner of the data (“iss”, a unique identifier of the owner of the data, where the owner of the data may be the network identity provider (IdP) [Leicher ‘884, ¶¶46, 77-78, and the corresponding Tables; Fig. 8, Fig. 9]).

Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) to include the teachings of Leicher ‘884, namely to have HIR location information within the access token, as disclosed in Bulleit ‘496, to be represented in URL format which contains client and data owner identifiers, as disclosed in Leicher ‘884. The motivation for doing so would be to not only take advantage of certain access token implementations and protocols, such as JSON/HTTP/OAuth, which have URL integration, but also to ensure the integrity of the access token through the validation of various identifiers (see Leicher ‘884, ¶¶77-78).

As per claim 10: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 discloses all limitations of claims 1 and 8, as stated above, all from which claim 10 is dependent upon. Furthermore, Bulleit ‘496 discloses:
further comprising the steps of: 
following (locating the certain portions or data elements of the HIR that third party users 102 are allowed to access from within the resource system 150 [Bulleit ‘496, ¶¶20, 113, 146, 187, 205]);
selecting, at the public ledger (selecting the appropriate conditional stipulations within permissions stored on the blockchain, where the conditional stipulations are associated with the requested HIR, and where the conditional stipulations may be time-dependent [Bulleit ‘496, ¶¶8, 19-20, 61, 101])




As stated above, Bulleit ‘496 in view of King '115 does not explicitly disclose: “following the at least one URL to the … data attribute; selecting … a time-dependent transformation; communicating the time-dependent transformation to the location of the permissible data attribute; applying the time-dependent transformation to the permissible data attribute; returning the obfuscated permissible data attribute to the third-party computer.”
Hahn ‘172, however, discloses:
following to the … data attribute; 
selecting … a time-dependent transformation (selecting a starting time period, where the starting time period corresponds to a time period seed 308, and where the time period seed 308 is used to encrypt a data record 302 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-19; Fig. 3]); 
communicating the time-dependent transformation to the location of the permissible data attribute (communicating an encryption key 312 based on the starting time period, to the data record 302 stored on the collection server 220 [Hahn ‘172, Col. 1 lines 32-51, Col. 6 lines 38-55; Fig. 2, Fig. 3]); 
applying the time-dependent transformation to the permissible data attribute (encrypting the data record 302 using the encryption key 312, where the encryption key is generated based on a time period seed 308 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-55; Fig. 3]); 
returning the obfuscated permissible data attribute to the third-party computer (providing the encrypted data record to the data storage server 230, where the data storage server 120 is implemented on a separate computer system and is used to provide data to the requestor [Hahn ‘172, Col. 4 lines 18-44, Col. 9 lines 14-39, Fig. 2]).

Bulleit ‘496 (modified by King ‘115) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified by King ‘115) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, as disclosed in Hahn ‘172, to the requested data and transmitting the transformed requested data to the requesting third party user 102, as disclosed in Bulleit ‘496. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62). 

As stated above, Bulleit ‘496 in view of King '115, and further in view of Hahn ‘172 does not explicitly disclose: “following the at least one URL to the … data attribute …”.
Leicher ‘884, however, discloses:
following the at least one URL to the … data attribute … (requested user data is retrieved from user information endpoints, where an access token may comprise the locations of the endpoints, and where the location information in the access token may be URLs [Leicher ‘884, ¶¶6, 26, 43, 119-121; Fig. 8, Fig. 9])

Bulleit ‘496 (modified by King ‘115 & Hahn ‘172) and Leicher ‘884 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. For the reasons disclosed in Claim 9, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115 & Hahn ‘172) and Leicher ‘884 before them, to modify the method in Bulleit ‘496 (modified by King ‘115 & Hahn ‘172) to include the teachings of Leicher ‘884.

As per claim 11: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, and 10, as stated above, all from which claim 11 is dependent upon. Bulleit ‘496 in view of King '115, and further in view of Leicher ‘884 does not explicitly disclose the limitations of claim 11.
Hahn ‘172, however, discloses:
wherein the step of selecting a time-dependent transformation comprises starting a time window (selecting a starting time period, where the starting time period may be configured to any interval of time, and where the starting time period is used to encrypt a data record 302 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-19; Fig. 3]), 
wherein the electronic token is not sufficient to enable access to the permissible data after the time window lapses (the warrant 530 is not able to access the data through decryption upon expiration of the starting time period, or if the desired time range does not match [Hahn ‘172, Col. 2 lines 18-36, Col. 8 line 24 – Col. 9 line 13]).

Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, where the time period seed may be based on a time interval, as disclosed in Hahn ‘172, to the requested data, as disclosed in Bulleit ‘496, and not allowing the access token to access the requested data if the time period seed has expired. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).

As per claim 12: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, 10, and 11, as stated above, all from which claim 12 is dependent upon. Bulleit ‘496, in view of King ‘115, and further in view of Leicher ‘884 does not explicitly disclose the limitations of claim 12.
Hahn ‘172, however, discloses:
wherein the step of selecting a time-dependent transformation (selecting a starting time period, where the starting time period may be configured to any interval of time, and where the starting time period is used to encrypt a data record 302 [Hahn ‘172, Col. 1 lines 32-51, Col. 5 lines 18-32, Col. 6 lines 6-19; Fig. 3]) comprises determining if the time window has lapsed and selecting a time-dependent transformation in dependence thereon (determining if time interval based on the starting time period has expired, and selecting a new starting time period at expiration by incrementing a time period counter [Hahn ‘172, Col. 1 lines 32-51, Col. 2 lines 18-27, Col. 11 lines 31-43]).

Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, where the time period seed may be based on a time interval, as disclosed in Hahn ‘172, to the requested data, as disclosed in Bulleit ‘496, where the selection of the time period seed is based on whether the starting time period has expired. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).


Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Shablygin et al., US 2013/0208893 A1 (hereinafter, “Shablygin ‘893”).

As per claim 14: Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115 discloses all limitations of claim 1, as stated above, from which claim 14 is dependent upon. Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115 does not explicitly disclose the limitations of claim 14.
Shablygin ‘893, however, discloses:
wherein: the data requested is in at least a first fragment and a second fragment (requesting and retrieving data, where the data comprises a plurality of fragments [Shablygin ‘893, ¶¶67, 84-86; Fig. 4B]),
wherein the first and second fragments are stored separately (the plurality of data fragments are stored in separate data storage locations [Shablygin ‘893, ¶¶84-85; Fig. 4B]); and
creating the electronic token (creating the data container identifier 14, where the data container identifier 14 is used to access data stored in the data container 10 [Shablygin ‘893, ¶¶68-69; Fig. 2A, Fig. 2B]) comprises including in the electronic token information corresponding to the locations of the first and second fragments (the data container identifier 14 includes information such as User ID 28 and Service Provider ID 22, where the User ID 28 and Service Provider ID 22 are used to identify the data storage locations of the data fragments [Shablygin ‘893, ¶¶68, 76, 83-84, 121; Fig. 2A, Fig. 4A]).

Bulleit ‘496 (modified by Hahn ‘172 & King '115) and Shablygin ‘893 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172 & King '115) and Shablygin ‘893 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172 & King '115) to include the teachings of Shablygin ‘893, namely to implement the requested data as a plurality of data fragments stored in separated data storages, as disclosed in Shablygin ‘893, where the access token, as disclosed in Bulleit ‘496, contains information that identifies the data storage locations of the data fragments. The motivation for doing so would be to increase the protection of sensitive data through fragmentation and separate storages, as well as providing a secure method for authorized users to reconstruct the fragmented data via an access token, such as the data container identifier 14, which contains location information of the fragments (see Shablygin ‘893, ¶¶72, 76).

As per claim 15: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Shablygin ‘893 discloses all limitations of claims 1 and 14, as stated above, all from which claim 15 is dependent upon. Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115 does not explicitly disclose the limitations of claim 15.
Shablygin ‘893, however, discloses:
further comprising the step of retrieving transformation information corresponding to the fragments of data (the fragments of data are transformed/obfuscated through encryption using an encryption key; retrieving the encryption key, where the encryption key is generated based on the User ID 28 and Service Provider ID 22 [Shablygin ‘893, ¶¶76-77; Fig. 3B]), 
and wherein creating the electronic token comprises including the transformation information in the electronic token (creating the data container identifier 14, where the data container identifier 14 includes information such as User ID 28 and Service Provider ID 22, and where an encryption key used to encrypt the data fragments is generated based on the User ID 28 and Service Provider ID 22 [Shablygin ‘893, ¶¶68, 76-77; Fig. 2A, Fig. 2B]); and optionally wherein the time-dependent transformation is applied to the transformation information.

Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Shablygin ‘893 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) and Shablygin ‘893 before them, to modify the method in Bulleit ‘496 (modified by Hahn ‘172 & King ‘115) to include the teachings of Shablygin ‘893, namely to implement the requested data as a plurality of data fragments stored in separated data storages, as disclosed in Shablygin ‘893, where the access token, as disclosed in Bulleit ‘496, contains not only information that identifies the data storage locations of the data fragments, but also transformation information, based on encryption, corresponding to the data fragments. The motivation for doing so would be to increase the protection of sensitive data through fragmentation and separate storages, as well as providing a secure method for authorized users to reconstruct the fragmented data via an access token, such as the data container identifier 14, which contains location information and decryption information of the fragments (see Shablygin ‘893, ¶¶72, 75-76).


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884, and further in view of Chang et al., US 2018/0173589 A1 (hereinafter, “Chang ‘589”).

As per claim 13: Bulleit ‘496, in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 discloses all limitations of claims 1, 8, 10, 11 and 12, as stated above, all from which claim 13 is dependent upon. Bulleit ‘496 in view of King '115, and further in view of Leicher ‘884 does not explicitly disclose the limitations of claim 13.
Hahn ‘172, however, discloses:
wherein, if the time window has not lapsed (determining if time interval based on the starting time period has or has not expired [Hahn ‘172, Col. 1 lines 32-51, Col. 2 lines 18-27, Col. 11 lines 31-43]), 
the time-dependent transformation is selected (selecting the corresponding time period seed to apply a time-dependent transformation to the decryption key 532 within the warrant 530, where the decryption key is generated using the time period seed [Hahn ‘172, Col. 8 lines 16-62; Fig. 4, Fig. 5A]).

Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) and Hahn ‘172 before them, to modify the method in Bulleit ‘496 (modified by King ‘115 & Leicher ‘884) to include the teachings of Hahn ‘172, namely to select and apply a time-dependent transformation based on a time period seed, where the time period seed may be based on a time interval, as disclosed in Hahn ‘172, to the requested data, as disclosed in Bulleit ‘496, where the selection of the time period seed is based on whether the starting time period has expired. The motivation for doing so would be to provide increased security to a method of using an access token, such as a warrant 530, to access sensitive data, where the increased security stems, in part, from utilizing a unique time-interval-dependent element within the access token to obtain access to the data, where the data is also transformed in a way that corresponds to the unique time-interval-dependent element within the access token (see Hahn ‘172, Col. 6 lines 6-19, Col. 8 lines 48-62).

	As stated above, Bulleit ‘496 in view of Hahn ‘172, and further in view of King '115, and further in view of Leicher ‘884 does not explicitly disclose: “the … transformation is selected to be the inverse of the … transformation applied to the element of the electronic token”.
	Chang ‘589, however, discloses:
	the … transformation is selected to be the inverse (an inverse obfuscation matrix 342 is selected [Chang ‘589, ¶¶17, 82, 89-90]) of the … transformation applied to the element of the electronic token (the inverse obfuscation matrix 342 is the inverse of the obfuscation matrix 332, where the obfuscation matrix 332 was applied to data matrix 134, and where the data matrix 134 contains data elements from a data segment [Chang ‘589, ¶¶82, 86]).

Bulleit ‘496 (modified by King ‘115 & Leicher ‘884 & Hahn ‘172) and Chang ‘589 are analogous art because they are from the same field of endeavor, namely that of secure access control and storage of sensitive data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Bulleit ‘496 (modified by King ‘115 & Leicher ‘884 & Hahn ‘172) and Chang ‘589 before them, to modify the method in Bulleit ‘496 (modified by King ‘115 & Leicher ‘884 & Hahn ‘172) to include the teachings of Chang ‘589, namely to implement the time-dependent transformation, as disclosed in Hahn ‘172, to be a time-dependent obfuscation matrix 332, as disclosed in Chang ‘589, where the time-dependent obfuscation matrix 332 is applied on elements within the access token, as disclosed in Bulleit ‘496, and the inverse of the obfuscation matrix 332 is selected if the starting time period, as disclosed in Hahn ‘172, has not expired. The motivation for doing so would be to avoid complex key management schemes that cause additional computation that comes with traditional encryption techniques, by using efficient matrix operations, such as matrix obfuscation and inversion (see Chang ‘589, ¶¶46, 48).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Anton et al., US 2017/0034217 A1: system of authorization of access to a data resource in addition to specific actions to be performed on the data resource based on an authorized context enforced by a use policy, where the system maintains an active use ledger.
McClintock et al., US 9,674,194 B1: creating a permissions grant which may include a listing of actions a user may perform on a resource, where the resource may a key to validate whether a user is authorized to perform one or more actions.
Friedmann, US 2017/0054726 A1: method for accessing content by clients of one or more resources located among one or more resource providers, where clients are granted access to resources on the resource provider using distributed authorization tokens.
Kumar, US 2018/0288031 A1: A secure identity framework for the collection and access of data, where the secure identity framework locally generates application specific token sets based on the digital identity profile for authentication and authorization. 
Hennebert, US 2019/0294822 A1: storing and managing access to data, where data is stored at addresses in a first database and the identifiers are stored in a second database. The link between these two databases is ensured by elements in the blockchain.
 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 8:00am-5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494


/SHANTO ABEDIN/Primary Examiner, Art Unit 2494