DETAILED ACTION
This Office action is in response to remarks filed by Applicant on 6/17/2022.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
Applicant presents amendments to independent claims 1, 10, and 19.  All amendments have been fully considered.
Applicant’s amendments are sufficient to overcome the previous rejection under 35 U.S.C. § 102/103.  An additional search was required and the mapping of a new combination of references is presented below. 

Response to Arguments
Applicant presents arguments with respect to claims 1, 5, 10, 14, and 19.  All arguments have been fully considered.
Applicant argues that amended subject matter is not found in the previously cited primary reference, Doyle.  Upon consideration of the amended claim as a whole, Examiner was unable to maintain the previous rejection based upon a single reference.  The new mapping presented below provides an explanation as to how the new combination of references (though the rejection still relies, in part, on the previously cited primary reference) is being interpreted and applied.
Applicant argues that the secondary reference, Low, fails to recite the subject matter of claims 5 and 14, specifically “wherein the micro agent comprises a self-executable macro for maintaining a log of all read and write accesses to the data block” (Claim 5). The Examiner points out that the primary reference previously establishes that the disclosed security container is a self-contained capsule of the protected data object. The introduction of the secondary reference Low is used to show the concept of an agent asserting access control over encrypted protected data by using an audit log to track all reads and writes of the protected file, as set out in the previous Office Action.  Applicant’s arguments are unpersuasive. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 10, and 19 rejected under 35 U.S.C. 103 as being unpatentable over Doyle (US 2008/0215897 A1, published Sep. 4, 2008) in view of Jeffries (US 2013/0145178 A1, published Jun. 6, 2013).
Regarding claims 1, 10 and 19, Doyle discloses: a method for controlling context-based access of data, the method comprising: receiving, at a producer, a request to access a data block from a consumer (a requester (reads on recited consumer) requests access to a document component mediated by a security container. Doyle para. 0081. The security container’s interface received the user’s access request. Doyle para. 0081.), wherein an encrypted version of the data block is included in a data capsule (each security container contains an encrypted document component. Doyle ¶ 50.), the data capsule further including a self-executable micro agent for controlling access to the encrypted version of the data block (the container interface manages access to the contained object. Doyle ¶ 60. The container interface acts by itself with rules that govern who can access the components and what they can do when granted access. Doyle ¶ 41. The disclosed framework is a container that orchestrates activation of the elementary objects it contains. Doyle ¶ 39.); verifying whether a context associated with the consumer will allow the consumer to access the data block based on providing the context to the self-executable micro agent included in the data capsule (the security container’s interface receives the user’s access request including the user’s distinguished name, or DN, or similar unambiguous identifier. Doyle ¶¶ 49 and 81. Determining whether the requester is a member of a group of authorized users allowed access to the document component. Doyle paras. 0081-0083. Whether the requester is a member of a group authorized to access is interpreted as the recited context associated with the consumer.); [and upon verifying that the context will allow the consumer to access the data block,] transferring the data capsule (the security container can be copied and/or passed from a source to a destination using a communications system or a messaging system. Doyle ¶ 43.), including the encrypted version of the data block and the self-executable micro agent, wherein the self-executable micro agent allows access to data block based on receiving the context (each security container contains an encrypted document component and manages access to the contained object. Doyle ¶¶ 50 and 60.).
Doyle does not disclose: upon verifying that the context will allow the consumer to access the data block, transferring the data capsule.
However, Jeffries does disclose: upon verifying that the context will allow the consumer to access the data block, transferring the data capsule (portable secure data container including data portions describing access permissions, perform decryption, and control enforcement. Jeffries ¶ 15. If the user is permitted to modify the file, it is transferred. Jeffries ¶ 101.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with transferring the data capsule upon verifying context will allow the consumer to access the data block based upon the teachings of Jeffries.  The motivation being to maintain data protection for a file when transferred to another computer. Jeffries ¶ 2.

Claims 2-3, 8, 11-12, 17, 20 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Jeffries in view of Fontaine (US 2009/0094164 A1, published Apr. 9, 2009).
Regarding claims 2, 11, and 20, Doyle in view of Jeffries discloses the limitations of claims 1, 10, and 19, respectively. Doyle in view of Jeffries does not disclose: wherein verifying whether a context associated with the consumer will allow the consumer to access the data block comprises: providing a challenge to the consumer, the challenge associated with the request; and obtaining a response to the challenge, the response comprising at least a certification that the context associated with the consumer will allow the consumer to access the data block.
However, Fontaine does disclose: wherein verifying whether a context associated with the consumer will allow the consumer to access the data block comprises: providing a challenge to the consumer (authenticating server issues a security challenge to the client. Fontaine para. 0016.), the challenge associated with the request (system receives a request for remote access to the application server from a client. Fontaine para. 0015.); and obtaining a response to the challenge (the client receives the challenges, interrogates the security challenge, and generates a response that is sent to the authenticating server. Fontaine para. 0016.), the response comprising at least a certification that the context associated with the consumer will allow the consumer to access the data block (the response to the challenge enables the user’s presence at the location from which the request has been sent to be verified. Fontaine para. 0016.).
 Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with a challenge response function to verify the context used to verify the requester based upon the teachings of Fontaine. The motivation being to be able to ensure the requester is actually located in the place where the requested transactions take place for legal considerations in the requester’s asserted location. Fontaine para. 0008.
Regarding claims 3 and 12, Doyle in view of Jeffries in view of Fontaine discloses the limitations of claims 2 and 11, respectively, wherein the certification comprises a trusted third party certification and one or more parameters for proving that the trusted third party certification is associated with the request from the consumer to access the data block (the location verification is delegated from the application server to an authentication server which may employ a RADIUS server or another server which includes dial up user validation software adapted to validate a user by comparing logon name or password with jurisdictional values in a database or table. Fontaine para. 0030. The dialing system includes a system for identifying the number associated with the dialer located at the user’s location. Fontaine para. 0031.). 
Regarding claims 8 and 17, Doyle in view of Jeffries discloses the limitations of claims 1 and 10, respectively. Doyle in view of Jeffries does not disclose: wherein the context is a geolocation associated with the consumer.
However, Fontaine does disclose: wherein the context is a geolocation associated with the consumer (authenticating the geographic location of a user, identifying the user, and permitting the user to access a system. Fontaine para. 0013.).
 Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with a challenge response function to verify the context used to verify the requester based upon the teachings of Fontaine. The motivation being to be able to ensure the requester is actually located in the place where the requested transactions take place for legal considerations in the requester’s asserted location. Fontaine para. 0008. 

Claims 4, 13 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Jeffries in view of Williams (US 2007/0130070 A1, published Jun. 7, 2007).
Regarding claims 4 and 13, Doyle in view of Jeffries discloses the limitations of claims 1 and 10, respectively. Doyle in view of Jeffries does not disclose: receiving the request from a data broker and transferring the data capsule to the data broker, the data broker configured as an intermediary between the producer and the consumer.
However, Williams does disclose: receiving the request from a data broker and transferring the data capsule to the data broker, the data broker configured as an intermediary between the producer and the consumer (a data broker situated as a third-party intermediary between the requester and the resource. Williams para. 0006.). 
  Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with the use of an intermediary data broker based upon the teachings of Williams. The motivation being to facilitate anonymous exchange of information between systems users and the resource. Williams para. 0006.

Claims 5-7, 14-16 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Jeffries in view of Low (US 2007/0050362 A1, published Mar. 1, 2007).
Regarding claims 5 and 14, Doyle in view of Jeffries discloses the limitations of claims 1 and 10, respectively. Doyle in view of Jeffries does not disclose: wherein the micro agent comprises a self-executable macro for maintaining a log of all read and write accesses to the data block.
However, Low does disclose: wherein the micro agent comprises a self-executable macro for maintaining a log of all read and write accesses to the data block (access control agent over encrypted protected data uses an audit log to track all reads and writes of the protected file. Low para. 0025.).
 Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with maintaining a log of all read and write access to the protected data based upon the teachings of Low. The motivation being to use complex access control rules and auditing controls to protect downloaded data from a repository. Low paras. 0005 and 0008.
Regarding claims 6 and 15, Doyle in view of Jeffries discloses the limitations of claims 1 and 10, respectively, wherein the micro agent is configured to control access to the data block by one or more applications when the data block is received by the consumer (the agent can control requests including requests based upon the application that generated the request. Doyle para. 0053.).
Doyle in view of Jeffries does not disclose: based on interacting with an operating system.
However, Low does disclose: based on interacting with an operating system (setting access controls such as time periods, which are based upon consulting the computer’s OS clock and network setting to determine whether the control requirements are satisfied. Low para. 0036.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with control access to the protected data based upon interacting with an operating system based upon the teachings of Low. The motivation being to have a trusted baseline for access control parameters. Low para. 0036.
Regarding claims 7 and 16, Doyle in view of Jeffries discloses the limitations of claims 1 and 10, respectively. Doyle in view of Jeffries does not disclose: wherein the data capsule further comprises a data block identifier associated with the data block, the data block identifier for identifying the data block.
However, Low does disclose: wherein the data capsule further comprises a data block identifier associated with the data block, the data block identifier for identifying the data block (the access agent registers the electronic file with a server and the protected electronic file in the encapsulated security container is given a unique ID or URI. Low para. 0023.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with assigning a data block identifier based upon the teachings of Low.  The motivation being to track the data container allowing comparison with the container’s reference copy. Low para. 0023.
 
Claims 9, 18 rejected under 35 U.S.C. 103 as being unpatentable over Doyle in view of Jeffries in view of Fontaine in view of Malaney (US 2012/0195597 A1, published Aug. 2, 2012).
Regarding claims 9 and 18, Doyle in view of Jeffries in view of Fontaine discloses the limitations of claims 8 and 17, respectively. Doyle in view of Jeffries in view of Fontaine does not disclose: performing continuous geolocation assessment while transferring the data capsule, the continuous geolocation assessment for verifying the geolocation of the consumer at two or more points in time during the transfer.
However, Malaney does disclose: performing continuous geolocation assessment while transferring the data capsule, the continuous geolocation assessment for verifying the geolocation of the consumer at two or more points in time during the transfer (location verification can be monitored continuously in real-time during the data transfer, halting the data transfer upon violation of the verification parameters. Malaney para. 0075.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the data security container containing rules to control permissions and decryption keys for encrypted content of Doyle with continuous geolocation assessment during data transfer based upon the teachings of Malaney. The motivation being to prevent an adversary from continuing to receive real-time data without one of the adversary’s devices being at the specified location. Malaney para. 0075. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE LITTLE whose telephone number is (571)270-0408. The examiner can normally be reached Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/VANCE M LITTLE/Examiner, Art Unit 2494