Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/14/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference characters "65" and "140" have both been used to designate data owning computing entities. Fig 4C uses reference characters “140” and should use “65” to be consistent with the description in [0077] and Figs 4A and 4B.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities:
Section [0082] recites “The data processing system then queries (2a-2b) the data owner computing entities 140 to determine an amount of data records available for use in processing the data processing request.”.  Figs 5A-5J illustrate data owner computing entities as 65.  Section [0082] should recite “The data processing system then queries (2a-2b) the data owner computing entities 65
Appropriate correction is required.

Claim Objections
Claims 1 and 11 are objected to because of the following informalities:  The claims recite “wherein the proxy is the only conduit between the virtual vault and the data owner system”.    There was no prior reference to a conduit.  The claim is interpreted as “an.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 9 and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 9 and 19 recite the limitation “modifying, by the virtual machine, a data record of the data” (italics added). “The data” is indefinite; it could be “the data query”, “the data response” or “the data requested”.
For purposes of examination “the data” is interpreted as “the data response” [1].

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 11 recites “a computer readable storage medium”. The specification does not exclude transitory media from the computer readable storage medium, and therefore it could be transitory media and non-statutory. The claims can be remedied by reciting “a non-transitory computer readable storage medium”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6, 8, 11-13, 15-16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Baugher (2006/0156392) in view of Brown (2019/0121960).

Regarding claim 1, Baugher teaches
a method comprises: 
creating, by a data processing system, a proxy for a device to access a data owner system in accordance with a temporary credential protocol between the data processing system and the data owner system, (Baugher [0084] FIGS. 12 and 13 show a delivery path of a licensed work from a source 1210 to a sink 1240 according to embodiments of the present invention. Key management messages flow across all or part of the path. One or more hub devices (gateway 1220) may separate the source 1210 and sink 1240. A hub that acts as a localization gateway proxies a connection between two different localization schemes [0035] This diagram defines how a network-service credential is initialized in non-volatile apparatus memory, maintained, deleted, and replaced with another credential.) (Examiner Note: source satisfies data owner system, sink satisfies data processing system, hub device satisfies a device (mechanism) to proxy between the data processing system and data owner system; network-service credential can be temporary)
wherein the proxy is the only conduit between the device and the data owner system; (Baugher [0089] In another embodiment, with reference still to FIG. 13, proxy 1235 passively acquires a key when the proxy 1235 is authorized to do so by the particular licensing authority. In such a "man-in-the-middle" embodiment, the proxy 1235 changes the messages between the source 1210 and the sink 1240 as a method to obtain the plaintext key. In contrast to the "man-in-the-middle" attack, here the man-in-the-middle is legitimate (when the proxy 1235 is authorized to function as a man-in-the-middle by the relevant authority).) (Examiner Note: Man-in-the-Middle satisfies only conduit)
receiving, by the proxy, a request from a device, wherein the request is requesting data from the data owner system; (Baugher [0104] In step 1710 of FIG. 17, in one embodiment, a request for an item of content is received from a sink device  [0105] In step 1720, for the requested item of content, the gateway converts the first localization method)
when the request is valid, creating by the proxy, a data retrieval request based on the request and data access credentials associated with the data owner system;  (Baugher [0048] In step 530, the network device presents the credential as part of a request for content or service. The request may be made to the hub itself, or to a firewall that accepts the hub credentials, or to a provider of licensed data such as movies.  The hub, gateway, or server, etc., uses the credential to authenticate the device, wherein upon authentication the authorized device is provided access to the service.  [0094] In the example of FIG. 14, sink 1420 authenticates itself to source 1410 in order to establish that sink 1420 is authorized to receive an item of content (data) from source 1410)
forwarding, by the proxy, a data response from the data owner system to the device; and (Baugher [0049] In summary, a signed credential (a network-service credential) is used to enable and control data access on a network when the data is private [0105] The item of content can then be forwarded to the sink device according to the second localization method and protocol.)  
deleting, by the data processing system, the proxy and the device when a data query has been completed, wherein the request is in accordance with the data query  (Baugher [0035] This diagram defines how a network-service credential is initialized in non-volatile apparatus memory, maintained, deleted, and replaced with another credential.  [0036] A DELETE operation erases credential memory to disable the apparatus. This state is referred to in the state transition diagram 200 as "EMPTY" 230.)  (Examiner Note: Baugher teaches authentication of the proxy, if the authentication fails the proxy is not legitimate [0086]-[0089])
Baugher teaches a localization hub [2] as the intermediary gateway proxy but does not teach a virtual machine within the virtual vault. A virtual vault is interpreted as a device with security protection such as a secure enclave.
However, Brown teaches a virtual machine within the virtual vault (Brown, [0074] While FIG. 5 depicts the control plane element (the software defined function) hosted within the secure enclave 504 instantiated within a virtual machine or container, an alternative approach is to have the software defined function instantiated as a virtual machine or container inside the secure enclave. [0076] Preferably, the secure enclave takes the form of a container or virtual machine having a limited device tree to minimize internal attack surfaces.) (Examiner Note: Baugher’s proxy is analogous to Brown’s software defined function, a software function running in a vault/protected area)
Baugher teaches the localization hub can be located in different locations [3]. It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Brown’s virtual machine in a secure enclave with Baugher’s access control hub because doing so protects information (Baugher, [0065] Disclosed herein is a system for storing, protecting and distributing consumer information.) (Brown, [0066] Still another approach to protecting data-in-use is an "enclave,")

Regarding claim 2, Baugher and Brown teach
the method of claim 1 further comprises: creating, by the data processing system, a proxy container, wherein the proxy container includes the proxy  (Brown, [0076] Preferably, the secure enclave takes the form of a container or virtual machine having a limited device tree to minimize internal attack surfaces.  [0074] While FIG. 5 depicts the control plane element (the software defined function) hosted within the secure enclave 504 instantiated within a virtual machine or container, an alternative approach is to have the software defined function instantiated as a virtual machine or container inside the secure enclave.). 
Brown combined with Baugher for the same reasons as claim 1. 

Regarding claim 3, Baugher and Brown teach
the method of claim 2 further comprises: 
creating, by the data processing system, temporary storage within the proxy container, wherein the temporary storage stores the data access credentials of the proxy (Brown, [0066] An enclave approach differs from simply memory encryption in that it uses special registers and circuits that sit between the memory unit and the processor and that hold the key necessary to decrypt/encrypt the data from/to memory, and preferably no other place (including the operating system) stores the key.)  
Brown combined with Baugher for the same reasons as claim 1.

Regarding claim 5, Baugher and Brown teach
the method of claim 1, wherein the data access credentials include one or more of: 
a token; 
a public/private keypair; (Baugher [0034] With reference to FIG. 1, transactions on the arcs are confidential and integrity-protected. In one embodiment, source, sink, and hub devices each have a public/private keypair.)
multi-factor authentication; 
a username; 
a password; and 
an access key identifier and secret access key.  

Regarding claim 6, Baugher and Brown teach
the method of claim 1 further comprises: 
receiving, by the proxy, a second request from the virtual machine within the virtual vault, wherein the second request is requesting second data from the data owner system; (Baugher, [0086] Referring to FIG. 13, the sink 1240 initiates an exchange with the source 1210, which has licensed content (data) that the sink 1240 is seeking to access.) (Brown, [0074] While FIG. 5 depicts the control plane element (the software defined function) hosted within the secure enclave 504 instantiated within a virtual machine or container, an alternative approach is to have the software defined function instantiated as a virtual machine or container inside the secure enclave)  (Examiner Note: Baugher does not teach denying a second request for second data when sink has access)
when the second request is valid, creating by the proxy, a second data retrieval request based on the second request and data access credentials of the proxy with respect to the data owner system; and (Baugher [0048] In step 530, the network device presents the credential as part of a request for content or service. The request may be made to the hub itself, or to a firewall that accepts the hub credentials, or to a provider of licensed data such as movies.  The hub, gateway, or server, etc., uses the credential to authenticate the device, wherein upon authentication the authorized device is provided access to the service.  [0094] In the example of FIG. 14, sink 1420 authenticates itself to source 1410 in order to establish that sink 1420 is authorized to receive an item of content (data) from source 1410)
forwarding, by the proxy, a second data response from the data owner system to the virtual machine (Baugher [0105] The item of content can then be forwarded to the sink device according to the second localization method and protocol).  
Brown combined with Baugher for the same reasons as claim 1. 

Regarding claim 8, Baugher and Brown teach
the method of claim 1 further comprises: 
receiving, by the proxy, a second request from the virtual machine within the virtual vault, (Baugher [0104] In step 1710 of FIG. 17, in one embodiment, a request for an item of content is received from a sink device) (Brown [0076] Preferably, the secure enclave takes the form of a container or virtual machine having a limited device tree) wherein the second request is requesting second data from a second data owner system; (Baugher [0102] Although gateway 1430 is described as an element separate from the other devices (e.g., sinks and sources) in LAN 1400, the functionalities provided by gateway 1430 can alternatively be implemented on any of the devices in LAN)  (Examiner Note:  Baugher teaches a plurality of sources which satisfies second data owner system)
when the second request is valid, creating by the proxy, a second data retrieval request based on the second request and data access credentials of the proxy with respect to the second data owner system; and (Baugher [0049] In summary, a signed credential (a network-service credential) is used to enable and control data access on a network when the data is private)
forwarding, by the proxy, a second data response from the second data owner system to the virtual machine (Baugher [0105] The item of content can then be forwarded to the sink device according to the second localization method and protocol.)
Brown combined with Baugher for the same reasons as claim 1.

Claims 11-13, 15-16 and 18 are medium claims for the method claims 1-3, 5-6 and 8 and are rejected for the same reasons as claims 1-3, 5-6 and 8.

Allowable Subject Matter
Claims 4, 7, 9-10, 14, 17 and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and curing any objections or rejections.  Claims 9 and 19 need the 112(b) rejection cured, and claims 11, 14, 17 and 19-20 need the 101 rejection cured.
Each of the objected dependent claims has a limitation that is not obvious to combine with Baugher and Brown, e.g. analysis container (for data mining) (4), a second virtual machine within the virtual vault (7), modifying records (9) and temporary storage agreements (10).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ortiz (2020/0014691) teaches distributing consumer information and secure enclaves.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRUCE S ASHLEY/
Examiner, Art Unit 2494

[1] See Fig. 5H and specification section [0096] where the VM proxy forwards/outputs the result 12(b)
[2] (Baugher [0085] The gateway 1225 and the proxy 1235 are logical functions that may be co-located in the same physical device (e.g., the proxy 1235 might be integrated into the sink's gateway 1225). [0084] One or more hub devices (gateway 1220) may separate the source 1210 and sink 1240. A hub that acts as a localization gateway proxies a connection between two different localization schemes)
[3] (Baugher [0084] In the example of FIG. 12, the proxy 1230 is behind the sink's gateway and thus is on the sink's network, which in one embodiment is a private, home network. The gateway 1220 and the proxy 1230 are logical functions that may be co-located in the same physical device (e.g., the proxy 1230 might be integrated into the sink's gateway 1220) [0102] Although gateway 1430 is described as an element separate from the other devices (e.g., sinks and sources) in LAN 1400, the functionalities provided by gateway 1430 can alternatively be implemented on any of the devices in LAN)