DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application 17587406 filed on 01/28/2022. Claims 1, 11 and 20 are independent claims. Claims 1-20 have been examined and are pending in this application. This Office Action is made Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/28/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities: Specification Summary missing. Appropriate correction is required. See MPEP § 608.01(a).




Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-4, 6, 9-14, 16 and 19-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4-5 and 19 of U.S. Patent No. 11,270,021. Although the claims at issue are not identical, they are not patentably distinct from each other because Claims 1-4, 6, 9-14, 16 and 19-20 of the instant application are anticipated by claims 1, 4-5 and 19 of U.S. Patent No. 11,270,021, respectively (refer to the comparison table below for detail).

[Instant Application 17/587,406]
Claim 1. A server comprising:
a communications module; a processor coupled to the communications module; and a memory coupled to the processor, the memory storing processor-executable instructions which, when executed, configure the processor to:
monitor a risk parameter associated with a third party server to detect a change in the risk parameter; and
responsive to detecting the change in the risk parameter:
send, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option to replace the third party server with an alternative third party server.
Claim 4; determine, based on a signal received from the remote computing device indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and
modify the data sharing associated with the third party server.
Claim 6; receive, from the remote computing device and via the communications module, a signal representing an indication of consent to share data with the third party server;
in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data.

[US Patent No. 11,270,021]
Claim 1. A server comprising:
a communications module; a processor coupled to the communications module; and a memory coupled to the processor, the memory storing processor-executable instructions which, when executed, configure the processor to:
monitor a risk parameter associated with the third party server to detect a change in the risk parameter; and
responsive to detecting the change in the risk parameter:
identify an alternative third party server;
send, to the remote computing device and via the communications module, a notification that includes a first selectable option to modify a data sharing option associated with the third party server and a second selectable option to replace the third party server with the alternative third party server;
determine, based on a signal received from the authenticated entity indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and
modify the data sharing for the authenticated entity with the third party server by at least one of revoking the access token and modifying an access permission associated with the access token.
receive, from a remote computing device and via the communications module, a signal representing an indication of consent for an authenticated entity to share data with a third party server;
in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data associated with the authenticated entity;

[Instant Application 17/587,406]
Claim 11. A method comprising:
monitoring a risk parameter associated with a third party server to detect a change in the risk parameter; and
responsive to detecting the change in the risk parameter:
sending, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option to replace the third party server with an alternative third party server.
Claim 14; determine, based on a signal received from the remote computing device indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and
modify the data sharing associated with the third party server.

[US Patent No. 11,270,021]
Claim 10. A method comprising:
receiving, from a remote computing device and at a server, a signal representing an indication of consent for an authenticated entity to share data with a third party server;
in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity;
monitoring a risk parameter associated with the third party server to detect a change in the risk parameter; and
responsive to detecting the change in the risk parameter:
identifying an alternative third party server;
sending, to the remote computing device, a notification that includes a first selectable option to modify a data sharing option associated with the third party server and a second selectable option to replace the third party server with the alternative third party server;
determining, based on a signal received from the authenticated entity indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and
modifying the data sharing for the authenticated entity with the third party server by at least one of revoking the access token and modifying an access permission associated with the access token.

[Instant Application 17/587,406]
Claim 20. A non-transitory computer readable storage medium comprising processor-executable instructions which, when executed, configure a processor to:
monitor a risk parameter associated with a third party server to detect a change in the risk parameter; and
responsive to detecting the change in the risk parameter:
send, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option to replace the third party server with an alternative third party server.

[US Patent No. 11,270,021]
Claim 18. A non-transitory computer readable storage medium comprising processor-executable instructions which, when executed, configure a processor to:
receive, from a remote computing device, a signal representing an indication of consent for an authenticated entity to share data with a third party server;
in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data associated with the authenticated entity;
monitor a risk parameter associated with the third party to detect a change in the risk parameter;
responsive to detecting the change in the risk parameter:
identify an alternative third party server;
send, to the remote computing device, a notification that includes a first selectable option to modify a data sharing option associated with the third party server and a second selectable option to replace the third party server with the alternative third party server;
determine, based on a signal received from the authenticated entity indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and
modify the data sharing for the authenticated entity with the third party server by at least one of revoking the access token and modifying an access permission associated with the access token.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 7-9, 11, 13-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular et al. (“Zorlular,” US 20180183827, published on 06/28/2018) in view of LEVITT et al. (“LEVITT,” WO 2019049042, published on 03/14/2019).

Regarding Claim 1;
Zorlular discloses a server comprising: 
a communications module; a processor coupled to the communications module; and a memory coupled to the processor, the memory storing processor-executable instructions which, when executed, configure the processor to (par 0122; fig. 10; computer system includes a bus or other communication mechanism for communicating information, and a hardware processor, or multiple processors, coupled with bus for processing information):
monitor a risk parameter associated with a third party server to detect a change in the risk parameter (par 0096; fig. 1A; a network overview provided by the warning system to an analyst to allow the analyst to review the risk level of all resources on the network that are being monitored by the warning system; 0097; the risk trend indicator shows the resource that has been determined as having the greatest increase in risk over a recent period of time [] for example, resource name column shows the name of the resource. Risk score column shows the risk score corresponding to the resource); and 
responsive to detecting the change in the risk parameter: send, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option (par 0097; the risk trend indicator shows the resource that has been determined as having the greatest increase in risk over a recent period of time; par 0084; if the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated to indicate to an analyst information regarding a probable cyber-attack against the resource; par 0089; the warning system moves on depending on the analyst's response. If the analyst chooses to dismiss the alert, the warning system will adjust the weight table [] if the analyst chooses to confirm the alert, the warning system leaving the set of weights unchanged, thus reflecting the analyst's determination that similar alerts should be issued in the future; par 0085; the resource event history is updated to reflect the new alert or the new event, whatever the case may be. For example, the warning system accessing a database storing all events and alerts for a given resource and inserting a record indicating the new event or alert, the date and time of occurrence, the risk estimate and other contextual data that may have been accessed during one of the preceding).
Zorlular discloses a first selectable option to modify data sharing associated with the third party server and a second selectable option as recited above, but does not explicitly disclose replacing the third party server with an alternative third party server.
However, in an analogous art, LEVITT discloses risk and value modeling system/method that includes:
replace the third party server with an alternative third party server (LEVITT: page 26; taking an action if a service level parameter breach is detected. In some cases, an action may be taken in anticipation of a breach or predicted breach. The digital platform notified of the breach which, in turn, may forward the notification to the insurer service. This may trigger the external third party, in this exemplary application the insurer service, to locate another external third party providing the same service and switching to that service).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of LEVITT with the method/system of Zorlular to include replacing the third party server with an alternative third party server. One would have been motivated to do so because, when a service level parameter breach is detected, a notification of the breach is transmitted to the digital platform, and the notification may trigger connection of an alternative centralized or decentralized distributed service to the client devices (LEVITT: abstract).

Regarding Claim 3;
The combination of Zorlular and LEVITT discloses the server of claim 1,
Zorlular discloses wherein the instructions further configure the processor to: determine, based on a signal received from the remote computing device indicating selection of the second selectable option (Zorlular: par 0084; if the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated to indicate to an analyst information regarding a probable cyber-attack against the resource; par 0089; if the analyst chooses to dismiss the alert, the warning system will adjust the weight table [] if the analyst chooses to confirm the alert [] after an alert has been responded to by an analyst, the warning system marks the alert as historic).
LEVITT discloses that the third party server is to be replaced with the alternative third party server (LEVITT: page 26; taking an action if a service level parameter breach is detected. In some cases, an action may be taken in anticipation of a breach or predicted breach. The digital platform notified of the breach which, in turn, may forward the notification to the insurer service. This may trigger the external third party, in this exemplary application the insurer service, to locate another external third party providing the same service and switching to that service); and configure the data sharing for the alternative third party server (LEVITT: page 4; identifying another external third party providing the same service and automatically switching connection to the identified service according to configured rules).
One would have been motivated to do so because, when a service level parameter breach is detected, a notification of the breach is transmitted to the digital platform, and the notification may trigger connection of an alternative centralized or decentralized distributed service to the client devices (LEVITT: abstract).

Regarding Claim 4;
The combination of Zorlular and LEVITT discloses the server of claim 1,
Zorlular discloses wherein the instructions further configure the processor to: determine, based on a signal received from the remote computing device indicating selection of the first selectable option, that data sharing with the third party server is to be modified based on the change in risk parameter; and modify the data sharing associated with the third party server (Zorlular: par 0084; if the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated to indicate to an analyst information regarding a probable cyber-attack against the resource; par 0089; the warning system moves on depending on the analyst's response. If the analyst chooses to dismiss the alert, the warning system will adjust the weight table; par 0085; the resource event history is updated to reflect the new alert or the new event, whatever the case may be. For example, the warning system accessing a database storing all events and alerts for a given resource and inserting a record indicating the new event or alert, the date and time of occurrence, the risk estimate and other contextual data that may have been accessed during one of the preceding).

Regarding Claim 7; 
The combination of Zorlular and LEVITT discloses the server of claim 1,
Zorlular discloses wherein the instructions further configure the processor to: generate a risk profile for a user of the remote computing device (Zorlular: par 0088; a web server or other type of user interface engine may be configured and/or designed to generate user interface data useable for rendering the interactive user interfaces, such as an application and/or a dynamic web page displayed within the analyst's device); determine that a risk profile associated with the third party server is not compliant with the risk profile for the user (Zorlular: par 0084; the risk estimate as determined is compared against a threshold or in an alternative embodiment is compared against a threshold plus a random value. If the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated; par 0089; the warning system marks the alert as historic, indicating that no risk is associated with the alert any longer. When an alert is marked as historic, the warning system also recalculates the resource risk score and global risk score to reflect the removal of the alerts); and responsive to determining that the risk profile associated with the third party server is not compliant with the risk profile for the user: send, to the remote computing device and via the communications module, the notification that includes the first selectable option to modify data sharing associated with the third party server and the second selectable option to replace the third party server with the alternative third party server (Zorlular: par 0088; a web server or other type of user interface engine may be configured and/or designed to generate user interface data useable for rendering the interactive user interfaces, such as an application and/or a dynamic web page displayed within the analyst's device; par 0089; after the alert has been presented, the warning system leaving the set of weights unchanged. After an alert has been responded to by an analyst, the warning system marks the alert as historic, indicating that no risk is associated with the alert any longer. When an alert is marked as historic, the warning system also recalculates the resource risk score and global risk score to reflect the removal of the alerts).
LEVITT further discloses replace the third party server with an alternative third party server (LEVITT: page 26; taking an action if a service level parameter breach is detected. In some cases, an action may be taken in anticipation of a breach or predicted breach. The digital platform notified of the breach which, in turn, may forward the notification to the insurer service. This may trigger the external third party, in this exemplary application the insurer service, to locate another external third party providing the same service and switching to that service).
One would have been motivated to do so because, when a service level parameter breach is detected, a notification of the breach is transmitted to the digital platform, and the notification may trigger connection of an alternative centralized or decentralized distributed service to the client devices (LEVITT: abstract).

Regarding Claim 8;
The combination of Zorlular and LEVITT discloses the server of claim 1,
Zorlular discloses wherein the instructions further configure the processor to: receive, from the remote computing device and via the communications module, a signal representing an updated preference (Zorlular: par 0085; the resource event history is updated to reflect the new alert or the new event, whatever the case may be. For example, the warning system accessing a database storing all events and alerts for a given resource and inserting a record indicating the new event or alert, the date and time of occurrence, the risk estimate and other contextual data that may have been accessed during one of the preceding); determine that a risk profile associated with the third party server is not compliant with the updated preference (Zorlular: par 0085; the resource event history is updated to reflect the new alert or the new event; par 0084; the risk estimate as determined is compared against a threshold or in an alternative embodiment is compared against a threshold plus a random value. If the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated; par 0089; the warning system marks the alert as historic, indicating that no risk is associated with the alert any longer. When an alert is marked as historic, the warning system also recalculates the resource risk score and global risk score to reflect the removal of the alerts); and responsive to determining that the risk profile associated with the third party server is not compliant with the updated preference: send, to the remote computing device and via the communications module, the notification that includes the first selectable option to modify data sharing associated with the third party server and the second selectable option to replace the third party server with the alternative third party server (Zorlular: par 0088; a web server or other type of user interface engine may be configured and/or designed to generate user interface data useable for rendering the interactive user interfaces, such as an application and/or a dynamic web page displayed within the analyst's device; par 0089; after the alert has been presented, the warning system leaving the set of weights unchanged. After an alert has been responded to by an analyst, the warning system marks the alert as historic, indicating that no risk is associated with the alert any longer. When an alert is marked as historic, the warning system also recalculates the resource risk score and global risk score to reflect the removal of the alerts).
LEVITT further discloses replace the third party server with an alternative third party server (LEVITT: page 26; taking an action if a service level parameter breach is detected. In some cases, an action may be taken in anticipation of a breach or predicted breach. The digital platform notified of the breach which, in turn, may forward the notification to the insurer service. This may trigger the external third party, in this exemplary application the insurer service, to locate another external third party providing the same service and switching to that service).
One would have been motivated to do so because, when a service level parameter breach is detected, a notification of the breach is transmitted to the digital platform, and the notification may trigger connection of an alternative centralized or decentralized distributed service to the client devices (LEVITT: abstract).

Regarding Claim 9;
The combination of Zorlular and LEVITT discloses the server of claim 1,
Zorlular discloses wherein the detecting the change in the risk parameter includes at least one of: determining that a data breach associated with the third party server has occurred; determining that an application associated with the third party server has not been used for at least a predetermined period of time; determining that a score associated with the third party server has changed by at least a predetermined amount; determining that data access by the third party server has changed; determining that the third party server is not accessing at least some data that the server is with the third party server; and determining that the third party server is accessing data that is not required by the third party server (Zorlular: par 0088; a web server or other type of user interface engine may be configured and/or designed to generate user interface data useable for rendering the interactive user interfaces, such as an application and/or a dynamic web page displayed within the analyst's device; par 0084; the risk estimate as determined is compared against a threshold or in an alternative embodiment is compared against a threshold plus a random value. If the risk estimate exceeds the threshold or the threshold plus the random value control passes wherein an alert is generated to indicate to an analyst information regarding a probable cyber-attack against the resource. For example, the alert may comprise information about the time and date that the suspicious activity occurred, what resource is being put at risk, what users, what servers and what type of services are involved in the suspicious activity, and what the estimated risk is).

Regarding Claim 11;
This claim recites a method that performs the same steps as the server of Claim 1 and has limitations similar to those of Claim 1; it is therefore rejected with the same rationale applied against Claim 1.


Regarding Claim 13;
This claim recites a method that performs the same steps as the server of Claim 3 and has limitations similar to those of Claim 3; it is therefore rejected with the same rationale applied against Claim 3.

Regarding Claim 14;
This claim recites a method that performs the same steps as the server of Claim 4 and has limitations similar to those of Claim 4; it is therefore rejected with the same rationale applied against Claim 4.

Regarding Claim 17;
This claim recites a method that performs the same steps as the server of Claim 7 and has limitations similar to those of Claim 7; it is therefore rejected with the same rationale applied against Claim 7.

Regarding Claim 18;
This claim recites a method that performs the same steps as the server of Claim 8 and has limitations similar to those of Claim 8; it is therefore rejected with the same rationale applied against Claim 8.

Regarding Claim 19;
This claim recites a method that performs the same steps as the server of Claim 9 and has limitations similar to those of Claim 9; it is therefore rejected with the same rationale applied against Claim 9.

Regarding Claim 20;
This claim recites a non-transitory computer readable storage medium that performs the same steps as the server of Claim 1 and has limitations similar to those of Claim 1; it is therefore rejected with the same rationale applied against Claim 1.

Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular et al. (US 20180183827) in view of LEVITT et al. (WO 2019049042) and further in view of Rus et al. (“Rus,” US 9,846,895, published on 12/19/2017).

Regarding Claim 2;
The combination of Zorlular and LEVITT discloses the server of claim 1,
The combination of Zorlular and LEVITT discloses all the limitations as recited above, but does not explicitly disclose wherein the instructions further configure the processor to: identify, based on category data associated with the third party server, the alternative third party server.
However, in an analogous art, Rus discloses automatic generation and management system/method that includes:
wherein the instructions further configure the processor to: identify, based on category data associated with the third party server, the alternative third party server (Rus: Col 9, lines 49-51; identifies one or more categories and/or sub-categories indicated by the data for the third-party listing).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Rus with the method/system of Hosp and LEVITT to include wherein the instructions further configure the processor to: identify, based on category data associated with the third party server, the alternative third party server. One would have been motivated to do so because an identifier associated with a listing posted over a third-party service is received from a user of the third-party service, and listing data for the listing is retrieved from the third-party service using the identifier associated with the listing (Rus: abstract).

Regarding Claim 12;
This claim recites a method that performs the same steps as the server of Claim 2 and has limitations similar to those of Claim 2; it is therefore rejected with the same rationale applied against Claim 2.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular et al. (US 20180183827) in view of LEVITT et al. (WO 2019049042) and further in view of Aggarwal et al. (“Aggarwal,” US 20200366682, filed on 05/13/2019).


Regarding Claim 5;
The combination of Zorlular and LEVITT discloses the server of claim 4,
The combination of Zorlular and LEVITT discloses all the limitations as recited above, but does not explicitly disclose wherein modifying the data sharing associated with the third party server includes at least one of revoking an access token previously issued to the third party server and modifying an access permission associated with the access token previously issued to the third party server.
However, in an analogous art, Aggarwal discloses risk and value modeling system/method that includes:
wherein modifying the data sharing associated with the third party server includes at least one of revoking an access token previously issued to the third party server and modifying an access permission associated with the access token previously issued to the third party server (Aggarwal: par 0027; fig. 3C; the computing environment can include an environment or system for providing or delivering access to a plurality of shared services and resources to a plurality of users through the internet. par 0083; the resource server can identify existing resources that the application currently has access to and determine that, based on the new increased risk score, access to the one or more resources for the application should be revoked or blocked. The resource server can revoke resource tokens mapped to the one or more resources to revoke access to the one or more resources).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Aggarwal with the method/system of Zorlular and LEVITT to include wherein modifying the data sharing associated with the third party server includes at least one of revoking an access token previously issued to the third party server and modifying an access permission associated with the access token previously issued to the third party server. One would have been motivated to use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to a plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application (Aggarwal: abstract).

Regarding Claim 15;
This claim recites a method that performs the same steps as the server of Claim 5 and has limitations similar to those of Claim 5, and is thus rejected with the same rationale applied against claim 5.

Claims 6, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular et al. (US 20180183827) in view of LEVITT et al. (WO 2019049042) and further in view of Hosp et al. (“Hosp,” US 20150332276, published on 11/19/2015).

Regarding Claim 6;
The combination of Zorlular and LEVITT discloses the server of claim 1.
The combination of Zorlular and LEVITT discloses all the limitations as recited above, but does not explicitly disclose wherein the instructions further configure the processor to: receive, from the remote computing device and via the communications module, a signal representing an indication of consent to share data with the third party server; in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data.
However, in an analogous art, Hosp discloses a data sharing platform system/method that includes:
wherein the instructions further configure the processor to: receive, from the remote computing device and via the communications module, a signal representing an indication of consent to share data with the third party server (Hosp: par 0005; fig. 5; a user interface which presents the at least one entity which makes payments with the payment network with at least one selection providing consent to sharing of at least a portion of the transaction data with at least one third party; par 0057; a consumer's raw transaction data (with appropriate consents) can be provided from PNO to site); in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data (Hosp: par 0057; fig. 5; a consumer's raw transaction data (with appropriate consents) can be provided from PNO to site; par 0099; after a cardholder approves an entity for data sharing or access to data, web server generates a secure token [] the entity sends a message with the secure token to web server), the access token for accessing data (Hosp: par 0099; the secure token is stored in a table in association with the cardholder's card number and is shared with the entity for use by the entity when requesting data from the data sharing platform).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hosp with the method/system of Zorlular and LEVITT to include wherein the instructions further configure the processor to: receive, from the remote computing device and via the communications module, a signal representing an indication of consent to share data with the third party server; in response to receiving the indication of consent, issue an access token to the third party server, the access token for accessing data. One would have been motivated to provide consent to sharing of at least a portion of the transaction data with at least one third party. The consent from the at least one entity which makes payments with the payment network is obtained, via the at least one selection (Hosp: abstract).




Regarding Claim 10;
The combination of Zorlular and LEVITT discloses the server of claim 1.
The combination of Zorlular and LEVITT discloses all the limitations as recited above, but does not explicitly disclose wherein the data sharing option is based on an indication of consent for an authenticated entity associated with the remote computing device.
However, in an analogous art, Hosp discloses a data sharing platform system/method that includes:
wherein the data sharing option is based on an indication of consent for an authenticated entity associated with the remote computing device (Hosp: par 0005; fig. 5; a user interface which presents the at least one entity which makes payments with the payment network with at least one selection providing consent to sharing of at least a portion of the transaction data with at least one third party; par 0057; a consumer's raw transaction data (with appropriate consents) can be provided from PNO to site).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hosp with the method/system of Zorlular and LEVITT to include wherein the data sharing option is based on an indication of consent for an authenticated entity associated with the remote computing device. One would have been motivated to provide consent to sharing of at least a portion of the transaction data with at least one third party. The consent from the at least one entity which makes payments with the payment network is obtained, via the at least one selection (Hosp: abstract).

Regarding Claim 16;
This claim recites a method that performs the same steps as the server of Claim 6 and has limitations similar to those of Claim 6, and is thus rejected with the same rationale applied against claim 6.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.W./Examiner, Art Unit 2439 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439