DETAILED ACTION
This is a non-final office action in response to applicant’s communication filed on 06/04/2021.
Claims 1-20 are pending and being considered.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Applicant’s claim for the benefit of a prior-filed application (No. 62/901,648, filed on 9/17/2019) under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. This application is filed as continuation of 16/741,666 now US Patent No. 11,032,062 B2.
Claim Objections
Claims 1-2, 4-7, 10, 12-14, 17-20 are objected to because of the following informalities:  
Applicant is suggested to clarify antecedent basis for limitation “permission” in the claims shown below as examples:
Claim 1 line 6, “… indicating permission to perform …” may read “… indicating the permission to perform …”; 
Claim 2 line 3, line 5, “… wherein the user input grants permission to …” may read “… wherein the user input grants the permission to …”, “modifying … to indicate permission for …” may read “modifying … to indicate the permission for …”;
Similarly, claim 4 line 2, line 5; claim 6 line 3, line 6; claim 7 line 2; claim 12 line 4; claim 13 line 2; claim 17 line 11; claim 18 line 6; claim 19 line 4; claim 20 line 7.
Claim 5 lines 4-5, “and the additional data processing permit fails to …” appears to recite “and when the additional data processing permit fails to …”.
Claim 7 line 3, “wherein deleting …” may read “wherein the deleting …”.
Claim 10 line 5, “a result of performing …” may read “a result of the performing …”.
Claim 12 last line, “… based at least in part on deleting …” may read “… based at least in part on the deleting …”.
Claim 13 lines 5-6, “wherein deleting …” may read “wherein the deleting …”.
Claim 14 lines 2-3, “… based at least in part on deleting …” may read “… based at least in part on the deleting …”.
Claim 17 line 4, recites “instructions stored in the memory and executable by the processor to …” may read “instructions stored in the memory and executed by the processor to …”.
similarly claim 20 line 2, “… instructions executable by a processor to” may read “… instructions executed by a processor to”.
Claim 18 line 2, “executable by the processor …” may read “executed by the processor …”. Similarly, claim 19 line 2.
Corrective action is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 17 and 20 are rejected on the ground of nonstatutory double patenting as being anticipated by corresponding claims of US Patent No. 11,032,062 B2 (hereinafter, “’062”).
Claim 1 (or claim 7) of ‘062 discloses all of the limitations recited in claim 1 (similarly claim 17, 20) of the instant application, as seen in the table below. Although the claim limitations are not identical but they are not patentably distinct.
Claims Comparison Table
Instant Application 17/339,780
US Patent No. 11,032,062 B2
Claim 1 (similarly claim 17, 20). 
A method for managing data privacy for a system, comprising: 





2storing a data processing permit indicating permission to perform a data 3processing activity on a set of data; 



4receiving a request to perform the data processing activity on a data object; 




5identifying that the data processing permit supports the request based at least 6in part on the data processing permit indicating permission to perform the data processing 7activity on the set of data and based at least in part on the set of data comprising the data 8object; 































9identifying a permit key comprising a pointer pointing to the data processing 10permit based at least in part on the data processing permit supporting the request, wherein the 11permit key permits access to a plaintext version of the data object; 

12decrypting an encrypted version of a cryptographic key using the permit key to 13obtain the cryptographic key; and 



14decrypting a ciphertext version of the data object using the cryptographic key 15to obtain the plaintext version of the data object.
Claim 1 (or claim 19, or claim20). 
A method for managing data privacy for a system comprising a processor, memory coupled with the processor, and instructions stored in the memory, that when executed by the processor, cause the system to perform the method, comprising: 

storing a set of data processing permits, wherein each data processing permit of the set of data processing permits comprises a respective associated data processing activity; 

receiving a request to perform the associated data processing activity; 

receiving a plaintext data object for the system; 

identifying a data processing permit of the set of data processing permits applicable to the plaintext data object and permitting the system to store the plaintext data object to support the associated data processing activity for the identified data processing permit; 

determining to encrypt and store the plaintext data object based at least in part on the identifying the data processing permit applicable to the plaintext data object; encrypting, based at least in part on the determining to encrypt and store the plaintext data object, the plaintext data object using a cryptographic key to obtain a ciphertext object; 

encrypting the cryptographic key using a permit key comprising a pointer pointing to the identified data processing permit, wherein the encrypted cryptographic key is associated with an identifier indicating the permit key; 

identifying that the identified data processing permit supports the request based at least in part on the associated data processing activity for the identified data processing permit; 

retrieving the ciphertext object, the encrypted cryptographic key, and the identifier indicating the permit key based at least in part on the receiving the request and the identifying that the identified data processing permit supports the request; 

identifying the permit key that permits access to the plaintext data object based at least in part on the identifier indicating the permit key and the identifying that the identified data processing permit supports the request; 

decrypting the encrypted cryptographic key using the permit key to obtain the cryptographic key based at least in part on the identifying the permit key that permits access to the plaintext data object; and 

decrypting the ciphertext object using the cryptographic key to obtain the plaintext data object.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-2, 4, 8-11, 15-18, 20 are rejected under 35 U.S.C. 102(a)(1)  as being anticipated by Sitrick et al (US20080092239A1, hereinafter, "Sitrick").
Regarding claim 1, Sitrick teaches:
A method for managing data privacy for a system (Sitrick, discloses data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content on a recipient device to be limited strictly to defined permitted uses, in accordance with usage rights, see [Abstract]), comprising: 
2storing a data processing permit indicating permission to perform a data 3processing activity on a set of data (Sitrick, [0067] to further encrypt for a specific recipient device …, an Appliance ID provided by that specific recipient device … is used by the trusted provider (production system) to encrypt the respective associated production key that was utilized for encrypting of respective associated selected files of original content (and associated ticket, where present) as used to generate the respective encrypted content… Also see Fig. 15, Store ticket (i.e. data processing permit) 450. Also referring to Fig. 28, and [0101] illustrating processing in the recipient device of decrypted original content which original content is itself representative of a ticket defining usage rights for an associated data file, where the recipient device is responsive to a usage request for use of the respective associated data file, and regulates the usage on the recipient device of the associated data file as restricted to the defined usage rights for permitted usage as is granted by the permissions of the ticket of the original content, to provide for regulated permitted usage of the associated data file by the recipient device, such as printing, viewing, exporting, saving,…); 
4receiving a request to perform the data processing activity on a data object (Sitrick, [0272] Responsive to a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges) (i.e. data processing activity), the usage logic (501) is responsive to the ticket rights output and reduced usage output from the ticket logic (440)); 
5identifying that the data processing permit supports the request based at least 6in part on the data processing permit indicating permission to perform the data processing 7activity on the set of data and based at least in part on the set of data comprising the data 8object (Sitrick, [0069] there are tickets (or associated control data) [defining rights], associated with, or included with, or integrated within the original (and encrypted) content. Also referring to Fig. 13, and [0327] Ticket data generation logic (405) processes the inputs of rights (402), allowed usage (403) (i.e. data processing activity) and a ticket ID (404) to generate (according to defined logic) a respective ticket output (406) that is coupled as a data input to ticket encryption logic (407)); 
9identifying a permit key comprising a pointer pointing to the data processing 10permit based at least in part on the data processing permit supporting the request, wherein the 11permit key permits access to a plaintext version of the data object (Sitrick, [0067] to further encrypt for a specific recipient device …, an Appliance ID (i.e. permit key) provided by that specific recipient device … is used by the trusted provider (production system) to encrypt the respective associated production key that was utilized for encrypting of respective associated selected files of original content (and associated ticket, where present) as used to generate the respective encrypted content… Also see Fig. 15, store ticket (i.e. data processing permit) at 450). Examiner notes that claim recites “a pointer” without specifying what the pointer is. It can be interpreted as a device or recipient that is associated with appliance ID (i.e. permit key) for data processing permit; 
12decrypting an encrypted version of a cryptographic key using the permit key to 13obtain the cryptographic key (Sitrick, Referring to Fig, 9, and [0322] which utilizes the Appliance ID as the decryption key (i.e. permit key) to decrypt the encrypted production key (188) to generate a production key copy (240). Also refer to Fig. 19 at step 562 Production Key Decryption Logic, using Appliance ID and decryption key to decrypt encrypted production key to decrypted production key); 
and 14decrypting a ciphertext version of the data object using the cryptographic key 15to obtain the plaintext version of the data object (Sitrick, Fig. 9 Decryption of Content outputs Unencrypted content at 200, and [0322] and utilizes the production key copy to decrypt an encrypted content copy (220). Also see Fig. 19 at 552 to decrypt EC (encrypted content) to decrypted content using decrypted production key (DPK)).  

Regarding claim 17, claim 17 is an apparatus claim that encompasses limitations that are similar to those of the method claim 1. Therefore, claim 17 is rejected with the same rationale as applied against claim 1. In addition, Sitrick teaches 1an apparatus for managing data privacy (Sitrick, discloses data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content on a recipient device to be limited strictly to defined permitted uses, in accordance with usage rights, see [Abstract]), comprising: 2a processor; 3memory coupled with the processor; and 4instructions stored in the memory and executable by the processor 5(Sitrick, [0120] each recipient device comprised of a computer subsystem (processor, memory, display, etc.) running an (authorized, validated) executable application software program. And [0202] The provider subsystem 104 provides a host computing subsystem comprising a processor, storage, and running respective production application software).  

Regarding claim 20, claim 20 is a computer-readable medium claim that encompasses limitations that are similar to those of the method claim 1. Therefore, claim 20 is rejected with the same rationale as applied against claim 1. In addition, Sitrick teaches a non-transitory computer-readable medium storing code for 2managing data privacy, the code comprising instructions executable by a processor (Sitrick, discloses data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content on a recipient device to be limited strictly to defined permitted uses, in accordance with usage rights, see [Abstract]. And [0120] each recipient device comprised of a computer subsystem (processor, memory, display, etc.) running an (authorized, validated) executable application software program).

Regarding claim 2, Sitrick further teaches the method of claim 1, 
further comprising: 2receiving user input from a user, wherein the set of data comprises information 3related to the user, and wherein the user input grants permission to a specific organization to 4perform the data processing activity on the set of data (Sitrick, [0071] Optionally, for another level of appliance specific protection, in addition to the above, a user must obtain an appliance specific key (e.g., a password, a hardware component or otherwise) for use in their particular computer in order to access the protected content (i.e. information). And [0386] in accordance with a permission usage rights ticket associated with respective specific decrypted content [DC], or in accordance with embedded usage rights in the encrypted content, or in accordance with predefined default usage rights defined by the associated application software on the recipient device (as per selected design standards and where applicable, user selection of preferences) (i.e. user input)); and 5modifying the data processing permit to indicate permission for the specific 6organization to perform the data processing activity on the set of data based at least in part on 7the user input (Sitrick, [0276]  Additionally, a used indicator, where present, will need to be updated when a right is used... Additionally, a used indicator, where present, will need to be updated when a right is used.... if rights are still available, the decrypted ticket is modified to update the decrypted used indicator, and the updated ticket and updated used indicator are then encrypted with the production key, and then the encrypted (updated) (i.e. modifying) ticket is stored within the recipient device (204) for later use…). Examiner notes, the claim recites specific organization without defining what the specific organization is. The specific organization may be interpreted as any user device, appliance, etc.

Regarding claim 4, similarly claim 18, Sitrick further teaches the method of claim 1, the apparatus of claim 17, 
further comprising: 2receiving user input from a user, wherein the user input grants permission to a 3specific organization to perform an additional data processing activity on an additional set of data comprising information related to the user (Sitrick, [0071] Optionally, for another level of appliance specific protection, in addition to the above, a user must obtain an appliance specific key (e.g., a password, a hardware component or otherwise) for use in their particular computer in order to access the protected content (i.e. information)); and H&H Ref. No.: P002.01.01 (105310.0007)Ketch Kloud, Inc. - Data Processing Permits System with Keys595generating an additional data processing permit indicating permission for the 6specific organization to perform the additional data processing activity on the additional set 7of data based at least in part on the user input (Sitrick, [0386] in accordance with a permission usage rights ticket associated with respective specific decrypted content [DC], or in accordance with embedded usage rights in the encrypted content, or in accordance with predefined default usage rights defined by the associated application software on the recipient device (as per selected design standards and where applicable, user selection of preferences (i.e. user input)). Examiner notes the same teachings of Sitrick can apply to the additional set of data as the set of data since the additional set of data is independent from the set of data.  

Regarding claim 8, Sitrick further teaches the method of claim 1, 
further comprising: 2storing a plurality of data processing permits, wherein each data processing 3permit of the plurality of data processing permits indicates permission to perform a respective 4data processing activity on a respective set of data (Sitrick, [0101] illustrating processing in the recipient device of decrypted original content which original content is itself representative of a ticket defining usage rights for an associated data file, where the recipient device is responsive to a usage request for use of the respective associated data file, and regulates the usage on the recipient device of the associated data file as restricted to the defined usage rights for permitted usage as is granted by the permissions of the ticket of the original content, to provide for regulated permitted usage of the associated data file by the recipient device, such as printing, viewing, exporting, saving,… and [0104] FIG. 28 illustrates a flow chart and state flow diagram for implementing additional security within the recipient device, by storing the decrypted ticket at least in part, in a plurality of locations within storage of the recipient device).  

Regarding claim 9, Sitrick further teaches the method of claim 8, 
further comprising: 2receiving an additional request to perform an additional data processing activity on the data object (Sitrick, [0272] Responsive to a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges) (i.e. data processing activity), the usage logic (501) is responsive to the ticket rights output and reduced usage output from the ticket logic (440));H&H Ref. No.: P002.01.01 (105310.0007)Ketch Kloud, Inc. - Data Processing Permits System with Keys60 4failing to identify any data processing permit of the plurality of data 5processing permits that supports the additional request; and 6transmitting, in response to the additional request, an indication that the 7additional request is not supported by the plurality of data processing permits (Sitrick, [0277] If the ticket cannot be decrypted properly then no rights are granted. Even though the rights and usage information may be available in an unencrypted form as well, they cannot be used to grant rights. Without a properly decrypted ticket, the unencrypted rights and usage information can only be used for searching and finding an appropriate ticket).  

Regarding claim 10, Sitrick further teaches the method of claim 1, 
wherein the request is received from a user 2device, and the method further comprises: 3performing the data processing activity on the plaintext version of the data 4object in response to the request and based at least in part on decrypting the ciphertext 5version of the data object; and 6transmitting, to the user device, a result of performing the data processing 7activity on the plaintext version of the data object in response to the request (Sitrick, referring to Fig. 24, [0398] FIG. 24 is a flow chart and state flow and block diagram illustrating the control for of decrypted content [DC] (680) within a respective recipient device, responsive to a decrypted ticket [DC] (682) as provided from within the respective recipient device 204 (see, for example, [DC] and [DTKT] of FIG. 23), to selectively provide for regulated usage of one of exporting (696),…).  

Regarding claim 11, Sitrick further teaches the method of claim 1, 
wherein the request is received from a user 2device, and the method further comprises: 3transmitting, to the user device, the plaintext version of the data object in 4response to the request and based at least in part on decrypting the ciphertext version of the 5data object, wherein the plaintext version of the data object is transmitted with an indication 6of an approved use for the plaintext version of the data object corresponding to the data 7processing activity (Sitrick, see Fig. 3, the indication of approved use for the plaintext version of the data object depends on ticket rights and appliance ID for data processing as referred in Fig. 24, and e.g. [0398] FIG. 24 is a flow chart and state flow and block diagram illustrating the control for of decrypted content [DC] (680) within a respective recipient device, responsive to a decrypted ticket [DC] (682) as provided from within the respective recipient device 204 (see, for example, [DC] and [DTKT] of FIG. 23), to selectively provide for regulated usage of one of exporting (696),…).  

Regarding claim 15, Sitrick further teaches the method of claim 1, 
further comprising: 2retrieving, from a database, the permit key, the encrypted version of the 3cryptographic key, and the ciphertext version of the data object based at least in part on 4receiving the request and identifying that the data processing permit supports the request (Sitrick, [0272] Responsive to (i.e. supports) a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges)(i.e. associated data processing activity), the usage logic (501) is responsive to the ticket rights output and reduced usage output from the ticket logic (440), … Also [0329] FIG. 15 illustrates the saved ticket subsystem (440) (of FIGS. 3-4), … for the encrypted ticket generator (401), and the resulting ticket decoding (430). The recipient device (204) provides a usage request for specific selected protected content (42) [which initiates the processing of that request by the recipient device. And referring to Fig. 5, [0309] separating logic (108) that receives the combined output (CO) as output from the combining logic (107), and separates the combined output into individual separate outputs of encrypted content (with ticket) and associated respective encrypted production key as inputs to the decryption logic (109)), 5wherein decrypting the encrypted version of the cryptographic key using the permit key and 6decrypting the ciphertext version of the data object using the cryptographic key are based at 7least in part on the retrieving (Sitrick, Referring to Fig, 9, and [0322] which utilizes the Appliance ID as the decryption key (i.e. permit key) to decrypt the encrypted production key (188) to generate a production key copy (240)). And Fig. 9 shows Decryption of Content outputs Unencrypted content 200, and [0322] and utilizes the production key copy to decrypt an encrypted content copy (220)).  

Regarding claim 16, Sitrick further teaches the method of claim 1, 
wherein the set of data comprises data objects 2associated with a specific user, data objects of a specific data object type, data objects 3corresponding to a specific set of timestamps, or any combination thereof (Sitrick, [0071] Tickets defining usage rights can be generated and included with, or separately associated with, or integrated into, the respective associated content (as encrypted) for granting rights to the respective encrypted content on the user's particular specific recipient device computer running the respective associated application software).  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Sitrick as applied above to claim 2, in view of Romantsov et al (US20210375409A1, hereinafter, “Romantsov”).
Regarding claim 3, Sitrick teaches the method of claim 2, 
While Sitrick does not explicitly teach the following limitation(s), Romantsov in the same field of endeavor teaches:
wherein the information related to the user 2comprises personal identifiable information (PII) for the user (Romantsov, discloses methods storage and access control of health records, [Abstract]. And [0022] the health data item (i.e. PII) is encrypted on the health data storage. … encrypting the health data item with an encryption key associated with the customer to create an encrypted health data item, and providing the encrypted health data item to the customer. And [0119] the download validation operation 150, 156 may include decrypting the accessed health data item… and granting read-only access to the customer in accordance with a permission level 430 assigned to the customer, or a privacy setting of the user associated with the health data item…).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Romantsov in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick by using access control of health records in accordance with a permission level. This would have been obvious because the person having ordinary skill in the art would have been motivated to validate and control access to the health data items of users to protect privacy and security in a system for blockchain-based storage and access control of health records (Romantsov, [Abstract], [0003], [0019]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Sitrick as applied above to claim 4, in view of Winje et al (US20070118527A1, hereinafter, “Winje”).
Regarding claim 5, Sitrick teaches the method of claim 4, 
wherein: 2the additional data processing permit supports requests from the specific 3organization to access the additional set of data to perform the additional data processing 4activity (Sitrick, [0071] Optionally, for another level of appliance specific protection, in addition to the above, a user must obtain an appliance specific key (e.g., a password, a hardware component or otherwise) for use in their particular computer in order to access the protected content); 
Sitrick does not explicitly teach the following limitation(s), Winje in the similar field of endeavor teaches:
and 5the additional data processing permit fails to support requests from an 6organization different from the specific organization, requests to access data different from 7the additional set of data, requests to perform data processing activities different from the 8additional data processing activity, or any combination thereof (Winje, discloses method of providing a user with access to data in accordance with user’s access rights, [Abstract]. And [0019] The system therefore automatically provides the user with data that is specifically filtered according to that user's requirements... the data may be related to different units and elements of an organization, ... The pluggable data filtering system automatically filters data based on the user's assigned rights in the system and on additional filter criteria that may be selected by the user. And [0055] Business framework pluggable criteria provider 315 may thereby, … be configured to execute a statement issued by data filtering criteria provider 313 which is based on a comparison of the access rights indicated by the additional criteria added to the statement, to a filterable container to which data requested for access in the statement are linked).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Winje in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick by associating data and users to a data structure with a pluggable data filtering system. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow users to access secure and non-secure data per granted access rights (Winje, [Abstract]).

Claims 6-7, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Sitrick as applied above to claim 1, 17 respectively, in view of Chereshnev et al (US9325715B1, hereinafter, “Chereshnev”), further in view of Sela et al (US20100138652A1, hereinafter, “Sela”).
Regarding claim 6, similarly claim 19, Sitrick teaches the method of claim 1, the apparatus of claim 17, 
further comprising: 2receiving user input from a user, wherein the set of data comprises information 3related to the user (Sitrick, [0386] in accordance with a permission usage rights ticket associated with respective specific decrypted content [DC], or in accordance with embedded usage rights in the encrypted content, or in accordance with predefined default usage rights defined by the associated application software on the recipient device (as per selected design standards and where applicable, user selection of preferences (i.e. user input)), 
While Sitrick does not explicitly teach the following limitation(s), Chereshnev in the same field of endeavor teaches:
and wherein the user input revokes permission for performing the data 4processing activity on the set of data (Chereshnev, discloses method for controlling access to personal user data, [Abstract]. And [Col. 7 lines 13-21] the changes of access parameters may depend on how much the factor for fulfillment of the template exceeds a numeric threshold value. For example, if factor for fulfillment of the template exceeds a numeric threshold value by not more than 0.05, the access control module 203 may notify the user about the identified risk without changing the access parameters automatically and, in cases of greater excess, revoke access rights to the personal user data); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chereshnev in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick by revoking access rights to the personal user data. This would have been obvious because the person having ordinary skill in the art would have been motivated to control accesses of a consumer to personal data of a user (Chereshnev, [Abstract]).
The combination of Sitrick-Chereshnev does not explicitly teach the following limitation(s), Sela in the same field of endeavor teaches:
and 5deleting the permit key comprising the pointer pointing to the data processing 6permit indicating permission to perform the data processing activity on the set of data based 7at least in part on the user input (Sela, discloses content control method using certificate revocation, [Abstract], [Title]. And [0074] Since system 10 maintains a record of the users or application identities and credentials, the key IDs they have access to, and the associated access rights to each of the key IDs, it is possible for system 10 to add or delete key IDs and alter access rights associated with such key IDs for particular users or applications, to delegate access rights from one user or application to another, or even to delete or add records or tables for users or applications, all as controlled by a properly authenticated host device. And [0143] This ownership can be delegated from one ACR (Access Control Record) to another... An ownership of a key provides the permission to delete it as well as delegate permissions to it).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Sela in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick-Chereshnev by adding or deleting key IDs and alter access right associated with the key IDs for particular users. This would have been obvious because the person having ordinary skill in the art would have been motivated to use certificate revocation list provided to memory device to add or delete key IDs for content access control (Sela, [Abstract]).

Regarding claim 7, Sitrick-Chereshnev-Sela further teaches the method of claim 6, 
further comprising: 2deleting the data processing permit indicating permission to perform the data 3processing activity on the set of data based at least in part on the user input, wherein deleting 4the data processing permit comprises deleting the permit key (Sela, [0136] The father ACR is the only ACR that has the permission to delete his child ACR. When an ACR deletes a lower level ACR that he created, then all ACRs spawned by this lower-level ACR are automatically deleted as well. When an ACR is deleted then all the key IDs and partitions that it created are deleted). Same motivation as presented in claim 6 would apply.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Sitrick as applied above to claim 1, in view of Hatano et al (US20080063191A1, hereinafter, “Hatano”).
Regarding claim 12, Sitrick teaches the method of claim 1, 
While Sitrick does not specifically teach, in the similar field of endeavor Hatano teaches:
further comprising: 2receiving a delete request for the set of data comprising the data object; 3deleting the permit key comprising the pointer pointing to the data processing 4permit indicating permission to perform the data processing activity on the set of data in 5response to the delete request (Hatano, discloses encryption, decryption of target content parts with corresponding encryption key, see [Abstract]. And [0116] In deleting the secret key sk.sub.i issued with respect to the user i and the public key pk.sub.i corresponding to the secret key sk.sub.i, for example, the secret information of the user i (n, sk.sub.i) may be deleted from the corresponding one of the user devices 140A to 140C and a user deletion request may be transmitted to the key managing device 110. The key managing device 110 which has received the user deletion request may transmit a deletion request for deleting the user i to the key storing device 120, and the key managing device 120 may delete the public key pk.sub.i of the user and transmit a user deletion completion notice corresponding to the deletion of the user i (i.e. pointer) to the corresponding one of the user devices 140A to 140C through the key managing device 110); and 6maintaining the ciphertext version of the data object in the system after the 7deleting the permit key based at least in part on deleting the permit key (Hatano, [0126] The transmission and reception processing part 132 of the content storing device 130, which has received the encrypted content from one of the user devices 140A to 140C (S43), stores the encrypted content thus received in the encrypted content storing area 134 (S44)).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hatano in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick by deleting corresponding encryption key per user request and storing encrypted content corresponding to user. This would have been obvious because the person having ordinary skill in the art would have been motivated to control specific component of content as encryption target parts with key specific to the user for protection of content by encrypting the content specific to the user (Hatano, [Abstract]).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Sitrick-Hatano as applied above to claim 12, further in view of Sela et al (US20100138652A1, hereinafter, “Sela”).
Regarding claim 13, Sitrick-Hatano teaches the method of claim 12, 
further comprising: 2identifying one or more data processing permits indicating permission to perform respective data processing activities on the set of data (Sitrick, [0069] there are tickets (or associated control data) [defining rights], associated with, or included with, or integrated within the original (and encrypted) content. Also referring to Fig. 13. And [327] Ticket data generation logic (405) processes the inputs of rights (402), allowed usage (403) (i.e. data processing activity) and a ticket ID (404) to generate (according to defined logic) a respective ticket output (406) that is coupled as a data input to ticket encryption logic (407)); 
The combination of Sitrick-Hatano does not explicitly teach the following limitation(s), Sela in the same field of endeavor teaches:
andH&H Ref. No.: P002.01.01 (105310.0007)Ketch Kloud, Inc. - Data Processing Permits System with Keys 614deleting one or more permit keys comprising respective pointers to the 5identified one or more data processing permits in response to the delete request, wherein 6deleting the one or more permit keys comprises deleting the permit key (Sela, discloses content control method using certificate revocation, see [Abstract], [Title]. And [0074] Since system 10 maintains a record of the users or application identities and credentials, the key IDs they have access to, and the associated access rights to each of the key IDs, it is possible for system 10 to add or delete key IDs and alter access rights associated with such key IDs for particular users or applications, to delegate access rights from one user or application to another, or even to delete or add records or tables for users or applications, all as controlled by a properly authenticated host device. And [0143] This ownership can be delegated from one ACR (Access Control Record) to another... An ownership of a key provides the permission to delete it as well as delegate permissions to it).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Sela in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick-Hatano by adding or deleting key IDs and alter access right associated with the key IDs for particular users. This would have been obvious because the person having ordinary skill in the art would have been motivated to use certificate revocation list provided to memory device to add or delete key IDs for content access control (Sela, [Abstract]).  

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Sitrick-Hatano as applied above to claim 12, further in view of Roth et al (US20170195119A1, hereinafter, “Roth”).
Regarding claim 14, Sitrick-Hatano teaches the method of claim 12, 
The combination of Sitrick-Hatano does not explicitly teach the following limitation(s), Roth in the same field of endeavor teaches:
wherein the plaintext version of the data 2object is inaccessible from the ciphertext version of the data object based at least in part on 3deleting the permit key (Roth, discloses method of key rotation, see [Title], [Abstract]. And [0081] The encrypted data object and the encrypted envelope key may be stored without the plaintext version of key, that is, the plaintext key may be inaccessible to the data service backend storage system and one or more other systems. The key under which the data object is encrypted (e.g., the master key) may be made inaccessible in any suitable manner). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Roth in the data rights management to a secured system for securely utilizing, controlled distribution and usage of protected electronic data files of content of Sitrick-Hatano by implementing cryptographic key management service in distributed computing environment. This would have been obvious because the person having ordinary skill in the art would have been motivated to protect the plaintext in the system since the key used to decrypt the ciphertext to access to the plaintext is not accessible (not available) (Roth, [Abstract], [0081]).  
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Shankar et al (US9148283B1) discloses method for storing encrypted resource and retrieving the resource per request of user.
Atkins et al (US8307098B1) discloses method for managing user key used to sign a message for a data processing system.
Medvinsky (US9548859B2) discloses method and system of ticket-based implementation of content leasing for accessing digital content stored on a computing device.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436