DETAILED ACTION
This is a non-final office action in response to applicant’s communication filed on 06/04/2021.
Claims 1-20 are pending and being considered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Applicant’s claim for the benefit of a prior-filed application (No. 62/901,648, filed on 9/17/2019) under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. This application is filed as continuation of 16/741,666, now US Patent No. 11,032,062 B2.
Claim Objections
Claims 1-2, 6-10, 12-20 are objected to because of the following informalities:
Applicant is advised to clarify antecedent basis; see the examples below:
Claim 1 line 16, “… based on at least in part on identifying …” may read “… based on at least in part on the identifying …”; 
Similarly claim 12 line 20; claim 20 line 17.
Claim 2 line 6, “… based at least in part on receiving …” may read “… based at least in part on the receiving …”.
Similarly claim 13 line 7.
Claim 6 line 15, “… based at least in part on further identifying …” may read “… based at least in part further on the identifying …” or more appropriate form; Line 17, “… in part on retrieving …” may read “… in part on the retrieving …”; line 17, “… and on further identifying …” may read “… and further on the identifying …”; Line 20, “… in part on decrypting …” may read “… in part on the decrypting …”; Last line, “… in part on decrypting …” may read “… in part on the decrypting …”.
Similarly, for claim 17.
Claim 7 line 4, “… in part on identifying …” may read “… in part on the identifying …”; Last line, “… on adding …” may read “… on the adding …”.
Claim 8 last line, “… in part on failing …” may read “… in part on the failing …”.
Similarly, for claim 18.
Claim 9 last line, “… in part on failing …” may read “… in part on the failing …”.
Similarly, for claim 19.
Claim 10 last line, “… on setting …” may read “… on the setting …”.
Claim 12 line 5, recites “instructions stored in the memory and executable by the processor to …” may read “instructions stored in the memory and executed by the processor to …”.
Similarly, for claims 13-19.
Claim 20 line 3, “… executable by a processor to …” may read “executed by a processor to …”. 
Corrective action is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 12 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over the corresponding claims of US Patent No. 11,032,062 B2 (hereinafter, “’062”), in view of Lee et al (US20190370500A1, hereinafter, “Lee”).
Claim 1 (or claim 19, 20) of ’062 discloses all of the limitations recited in claim 1 (similarly claim 12, 20) of the instant application, as seen in the table below, except those limitations highlighted in bold; however, in the same field of endeavor, Lee teaches:
A method for managing data privacy at a system supporting a blockchain network (Lee, discloses method and system to access credit data in a blockchain network using smart contract, see [Abstract]), at a set of peer nodes for the blockchain network, a smart contract configured for data processing permit management and a distributed ledger comprising a plurality of data processing permits, wherein each peer node of the set of peer nodes comprises the smart contract and the distributed ledger (Lee, [0003] A distributed ledger and a set of distributed data sources may be used to share the new credit data with a network of nodes that are associated with a group of organizations that are permitted to access the new credit data. The one or more processors may generate a storage identifier for the new credit data by executing a mapping function. The storage identifier may identify a storage location at which the new credit data is to be stored within the set of distributed data sources. The one or more processors may provide the storage identifier for the new credit data to a smart contract associated with the individual. The smart contract may be supported by the distributed ledger. And [0023] the smart contract for the individual may be stored as a block within the blockchain. Also [0037] For example, the first organization may be added to the list of organizations permitted to access the credit data (e.g., which is stored as part of the smart contract). And [0108] a distributed ledger and a set of distributed data sources may be used to share the new credit data with a network of nodes that are associated with a group of organizations that are permitted to access the new credit data);
user-specific data (Lee, in reference to Fig. 4, and [0092] As shown in FIG. 4, process 400 may include receiving new credit data (i.e. user-specific data) of an individual that has credit with a first organization);
querying the distributed ledger of the peer node using the smart contract querying (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the data processing permits system with keys of ’062 by performing data processing activity in a blockchain network using smart contract with distributed ledger. This would have been obvious because the person having ordinary skill in the art would have been motivated to use the blockchain technology to store user-specific data and allow peer node to access user-specific data using the data processing permit with smart contract from the ledger in the blockchain network to improve security and scalability (Lee, [Abstract], [0017-0018]).
Claims Comparison Table
Instant Application 17/339,782
Claim 1 (similarly claim 12, 20).
A method for managing data privacy at a system supporting a blockchain network, comprising:

storing, at a set of peer nodes for the blockchain network, a smart contract configured for data processing permit management and a distributed ledger comprising a plurality of data processing permits, wherein each peer node of the set of peer nodes comprises the smart contract and the distributed ledger;

receiving, at a peer node of the set of peer nodes, user-specific data corresponding to a user;

querying the distributed ledger of the peer node using the smart contract of the peer node for a data processing permit of the plurality of data processing permits indicating permission to store the user-specific data;

identifying, at the peer node and from the distributed ledger of the peer node, a permit key associated with the data processing permit indicating permission to store the user-specific data based at least in part on the querying;

encrypting the user-specific data using a cryptographic nonce and

encrypting the cryptographic nonce using the permit key based at least in part on identifying the permit key;

and storing the encrypted user-specific data and the encrypted cryptographic nonce in an encrypted database.

US Patent No. 11,032,062 B2
Claim 1 (or claim 19, or claim 20).
A method for managing data privacy for a system comprising a processor, memory coupled with the processor, and instructions stored in the memory, that when executed by the processor, cause the system to perform the method, comprising: 

storing a set of data processing permits, wherein each data processing permit of the set of data processing permits comprises a respective associated data processing activity; 

receiving a request to perform the associated data processing activity; 

receiving a plaintext data object for the system; 


identifying a data processing permit of the set of data processing permits applicable to the plaintext data object and permitting the system to store the plaintext data object to support the associated data processing activity for the identified data processing permit; 

determining to encrypt and store the plaintext data object based at least in part on the identifying the data processing permit applicable to the plaintext data object; 

encrypting, based at least in part on the determining to encrypt and store the plaintext data object, the plaintext data object using a cryptographic key to obtain a ciphertext object; 

encrypting the cryptographic key using a permit key comprising a pointer pointing to the identified data processing permit, wherein the encrypted cryptographic key is associated with an identifier indicating the permit key; 

identifying that the identified data processing permit supports the request based at least in part on the associated data processing activity for the identified data processing permit; 

retrieving the ciphertext object, the encrypted cryptographic key, and the identifier indicating the permit key based at least in part on the receiving the request and the identifying that the identified data processing permit supports the request; 

identifying the permit key that permits access to the plaintext data object based at least in part on the identifier indicating the permit key and the identifying that the identified data processing permit supports the request; 

decrypting the encrypted cryptographic key using the permit key to obtain the cryptographic key based at least in part on the identifying the permit key that permits access to the plaintext data object; and 

decrypting the ciphertext object using the cryptographic key to obtain the plaintext data object.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 6, 12, 17, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al (US20190370500A1, hereinafter, “Lee”), in view of Sitrick et al (US20080092239A1, hereinafter, “Sitrick”), further in view of Tong (US20190280855A1, hereinafter, “Tong”).
Regarding claim 1, Lee teaches:
A method for managing data privacy at a system supporting a blockchain network (Lee, discloses method and system to access credit data in a blockchain network using smart contract, see [Abstract]), comprising: 
storing, at a set of peer nodes for the blockchain network, a smart contract configured for data processing permit management and a distributed ledger comprising a plurality of data processing permits, wherein each peer node of the set of peer nodes comprises the smart contract and the distributed ledger (Lee, [0003] A distributed ledger and a set of distributed data sources may be used to share the new credit data with a network of nodes that are associated with a group of organizations that are permitted to access the new credit data… The storage identifier may identify a storage location at which the new credit data is to be stored within the set of distributed data sources. The one or more processors may provide the storage identifier for the new credit data to a smart contract associated with the individual. The smart contract may be supported by the distributed ledger. And [0023] the smart contract for the individual may be stored as a block within the blockchain. Also [0037] For example, the first organization may be added to the list of organizations permitted to access the credit data (e.g., which is stored as part of the smart contract). And [0108] a distributed ledger and a set of distributed data sources may be used to share the new credit data with a network of nodes that are associated with a group of organizations that are permitted to access the new credit data); 
receiving, at a peer node of the set of peer nodes, user-specific data corresponding to a user (Lee, in reference to Fig. 4, and [0092] As shown in FIG. 4, process 400 may include receiving new credit data (i.e. user-specific data) of an individual that has credit with a first organization, wherein a distributed ledger and a set of distributed data sources are to be used to share the new credit data with a network of nodes that are associated with a group of organizations that are permitted to access the new credit data (block 410)); 
querying the distributed ledger of the peer node using the smart contract of the peer node for a data processing permit of the plurality of data processing permits indicating permission [to store the user-specific data]; identifying, at the peer node and from the distributed ledger of the peer node, [a permit key associated with the data processing permit indicating permission to store the user-specific data] based at least in part on the querying (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys); (See Sitrick and Tong below for teachings of limitations in bracket) 
encrypting the user-specific data using a cryptographic nonce and [encrypting the cryptographic nonce using the permit key based at least in part on identifying the permit key] (Lee, [0033] As shown in FIG. 1C, and by reference number 110, the first node may encrypt (i.e., re-encrypt) the credit data using the public key of the first organization); (see the teaching of Sitrick below for limitation in bracket)
and storing the encrypted user-specific data and the encrypted cryptographic nonce in an encrypted database (Lee, [0035] As shown by reference number 114, the first node may provide the set of storage identifiers and the encrypted credit data to the distributed file system. Also see Sitrick below, Fig. 18, store encrypted content and encrypted production key (i.e. nonce)).  
While Lee teaches the main concept of accessing credit data (i.e. user-specific data) in a blockchain network using smart contract, Lee does not specifically teach a permit key associated with the data processing permit indicating permission for processing the user-specific data. In the same field of endeavor, Sitrick teaches:
a permit key associated with the data processing permit indicating permission [to store the user-specific data] (Sitrick, discloses method for secure distribution of selected protected content in accordance with usage rights, see [Abstract]. And [0067] an Appliance ID (i.e. permit key) provided by that specific recipient device (running the application software) is used by the trusted provider (production system) to encrypt the respective associated production key that was utilized for encrypting of respective associated selected files of original content (and associated ticket (i.e. data processing permit), where present) as used to generate the respective encrypted content (and where present, the respective associated encrypted ticket)), (See Tong further below for permission to store user-specific data)
encrypting the cryptographic nonce using the permit key based at least in part on identifying the permit key (Sitrick, referring to Fig. 5, at 103, encrypting production key (i.e. cryptographic nonce) with Appliance ID (i.e. permit key)),
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Sitrick in the secure decentralized system utilizing smart contract of Lee by associating permit key with data processing permit according to user’s right. This would have been obvious because the person having ordinary skill in the art would have been motivated to associate data processing permit with user’s right and encrypting the protected user data with appliance ID as permit key to encrypt the user data for user privacy protection (Sitrick, [Abstract]).
The combination of Lee-Sitrick teaches the main concept of the invention for processing user-specific data with permission; however, it does not specifically teach that the permission is to store the user-specific data. In the same field of endeavor, Tong teaches:
the data processing permit indicating permission to store the user-specific data (Tong, discloses method for data storage and data access, [Abstract]. And [0035] the blockchain that corresponds to the identifier can be a consortium blockchain, that is, not all end-user devices have permission to perform a data storage operation on the blockchain, and only a specified end-user device has permission to perform a data storage operation on the blockchain, to ensure data security and data authenticity in the blockchain during a data storage process... a storage device that performs step S101, step S102, and a subsequent data storage process can be the specified end-user device, that is, an end-user device that has permission to store data in the blockchain).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Tong in the secure decentralized system utilizing smart contract of Lee-Sitrick by having permission to store data in blockchain. This would have been obvious because the person having ordinary skill in the art would have been motivated to store data for end-user device that has permission and not all end-user devices have permission to perform data storing on the blockchain to ensure data security and data authenticity (Tong, [Abstract], [0035]).

Regarding claim 12, it is an apparatus claim that encompasses limitations that are similar to those of the method claim 1. Therefore, claim 12 is rejected with the same rationale and motivation as applied against claim 1. In addition, Lee teaches a processor; memory coupled with the processor (Lee, discloses method and system to access credit data in a blockchain network using smart contract, see [Abstract]. And see Fig. 3 Processor and Memory).

Regarding claim 20, it is a computer-readable medium claim that encompasses limitations that are similar to those of the method claim 1. Therefore, claim 20 is rejected with the same rationale and motivation as applied against claim 1. In addition, Lee teaches computer-readable medium storing code for managing data privacy at a system supporting a blockchain network, the code comprising instructions executable by a processor (Lee, discloses method and system to access credit data in a blockchain network using smart contract, see [Abstract], and [0005] a non-transitory computer-readable medium may store one or more instructions that, when executed by one or more processors).

Regarding claim 6, similarly claim 17, Lee-Sitrick-Tong combination teaches the method of claim 1, the apparatus of claim 12,
Lee in view of Tong further teaches: querying the distributed ledger of the peer node using the smart contract of the peer node for the data processing permit indicating permission to store the user-specific data for use in the data processing activity in response to the data request (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys. See Tong for permission to store user-specific data);
Tong further teaches: wherein the data processing permit indicates permission to store the user-specific data for use in a data processing activity (Tong, [0035] only a specified end-user device has permission to perform a data storage operation on the blockchain, to ensure data security and data authenticity in the blockchain during a data storage process... an end-user device that has permission to store data in the blockchain). Same motivation with Tong as presented in claim 1 would apply.
Sitrick further teaches: the method further comprising: receiving, at the peer node, a data request to use the user-specific data for the data processing activity (Sitrick, [0272] Responsive to a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges) (i.e. data processing activity)); further identifying, at the peer node and from the distributed ledger of the peer node, the permit key associated with the data processing permit indicating permission to store the user-specific data for use in the data processing activity based at least in part on querying the distributed ledger of the peer node for the data processing permit in response to the data request (Sitrick, [0067] an Appliance ID (i.e. permit key) provided by that specific recipient device (running the application software) is used by the trusted provider (production system) to encrypt the respective associated production key that was utilized for encrypting of respective associated selected files of original content (and associated ticket (i.e. data processing permit), where present) as used to generate the respective encrypted content (and where present, the respective associated encrypted ticket)); retrieving, from the encrypted database, the encrypted user-specific data and the encrypted cryptographic nonce based at least in part on further identifying the permit key; decrypting the encrypted cryptographic nonce using the permit key based at least in part on retrieving the encrypted cryptographic nonce and on further identifying the permit key (Sitrick, Referring to Fig. 5, [0309] separating logic (108) that receives the combined output (CO) as output from the combining logic (107), and separates the combined output into individual separate outputs of encrypted content (with ticket) and associated respective encrypted production key as inputs to the decryption logic (109)); decrypting the encrypted user-specific data using the cryptographic nonce based at least in part on decrypting the encrypted cryptographic nonce (Sitrick, Referring to Fig. 9, [0322] which utilizes the Appliance ID as the decryption key (i.e. permit key) to decrypt the encrypted production key (188) to generate a production key copy (240)); and transmitting, from the peer node, the user-specific data in response to the data request based at least in part on decrypting the encrypted user-specific data (Sitrick, [0322] to provide unencrypted content output (200), that is stored (preferably, only kept temporarily in memory, and only during permitted usages). Furthermore, usage of the decrypted content at the recipient device is selectively provided responsive to and in accordance with the permitted usage rights). Same motivation with Sitrick as presented in claim 1 would apply.

Claims 2, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 1, 12 respectively, further in view of Kothavale et al (US20190306128A1, hereinafter, “Kothavale”).
Regarding claim 2, similarly claim 13, Lee-Sitrick-Tong combination teaches the method of claim 1, the apparatus of claim 12,
The combination of Lee-Sitrick-Tong does not specifically teach the following limitations; in the same field of endeavor, Kothavale teaches:
further comprising: receiving, at the peer node and from a user device operated by the user, information indicating consent by the user for the system to store the user-specific data corresponding to the user (Kothavale, discloses method for generating and linking transaction identifiers to distributed data repositories, see [Title], [Abstract]. And [0014] Among other possible uses, the consent ticket enables the identity management service 102 to store data reflecting the consent provided by the user 114); creating the data processing permit indicating permission to store the user-specific data based at least in part on receiving the information indicating the consent by the user (Kothavale, [0014] In one embodiment, the request to link the user's account to one or more data providers 110 includes the user 114 causing the generation of a signed digital “consent ticket” that is provided to the identity management service 102...); and adding the created data processing permit to the distributed ledger of the peer node (Kothavale, [0017] The identity management service 102 can further generate and record a hash of each value to an immutable digital ledger (such as a blockchain managed by a blockchain system 112) for logging purposes. And [0039] the signed digital consent ticket and consent receipt, or values derived from the consent ticket and consent receipt, are stored on a public or private distributed ledger).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kothavale in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by generating consent ticket indicating user’s consent to link user account at the identity management service to perform internal queries for user data. This would have been obvious because the person having ordinary skill in the art would have been motivated to have user consent ticket valid for a period of time to have data provider to prove that it has the user's consent to obtain desired user’s data without infringing the user's privacy (Kothavale, [Abstract]).

Claims 3, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong-Kothavale as applied above to claim 2, 13 respectively, further in view of Walling et al (US20200059352A1, hereinafter, “Walling”).
Regarding claim 3, similarly claim 14, Lee-Sitrick-Tong-Kothavale combination teaches the method of claim 2, the apparatus of claim 13,
The combination of Lee-Sitrick-Tong-Kothavale does not specifically teach the following limitations; in the same field of endeavor, Walling teaches:
further comprising: sharing, from the peer node to one or more other peer nodes of the set of peer nodes, the created data processing permit (Walling, discloses method to define procedures to create an ad-hoc group of peers in a cryptographic distributed ledger, see [Abstract]. And [0045] With respect to privacy, only the peers of the ad-hoc group will have access to data of the ad-hoc group… the smart contract may provide (i.e. sharing) roles or permission that define which peers have reading access to particular parts of the ad-hoc group and which peers writing access to particular parts of the ad-hoc group).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Walling in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong-Kothavale by providing permission that defines which peer has access to ad-hoc group in blockchain network. This would have been obvious because the person having ordinary skill in the art would have been motivated to allow peer to access to the ad-hoc group with consensus using blockchain (Walling, [Abstract], [0001]).

Claims 4, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 1, 12 respectively, further in view of Gailloux et al (US10733685B1, hereinafter, “Gailloux”).
Regarding claim 4, similarly claim 15, Lee-Sitrick-Tong combination teaches the method of claim 1, the apparatus of claim 12,
Lee in view of Tong further teaches: searching the distributed ledger of the peer node using the smart contract of the peer node for one or more data processing permits of the plurality of data processing permits indicating permission to store the user-specific data (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys. See Tong for permission to store user-specific data); 
The combination of Lee-Sitrick-Tong does not specifically teach the following limitations, in the similar field of endeavor Gailloux teaches: 
further comprising: receiving, at the peer node and from a user device operated by the user, information revoking consent by the user for the system to store the user-specific data corresponding to the user (Gailloux, [Col. 1 lines 45-48] A consumer completing an on-line Internet retail purchase may provide consent to the on-line retail enterprise to store credit card and shipping information of the consumer. And [Col. 4 lines 24-28] The consent management hub provides an interface that may be accessed by information owners to review and manage his or her consents. The information owner may use the interface to revoke consents he or she has granted previously); and deleting, from the distributed ledger of the peer node, at least one or more permit keys corresponding to the one or more data processing permits indicating permission to store the user-specific data based at least in part on the searching and in response to the information revoking the consent (Gailloux, [Col. 9 lines 51-57] The information owner consent management web page may further provide controls that the information owner may use to cancel, revoke, or rescind consents. When the information owner cancels a consent identified by a consent record 140, the consent management application 124 messages with the appropriate third party 110 to inform the third party 110 to delete the subject consent). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Gailloux in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by revoking and deleting the consent to release confidential information to a third party by the consent management hub server. This would have been obvious because the person having ordinary skill in the art would have been motivated to protect confidential/private information (such as credit card information) (Gailloux, [Abstract], [Col. 4 lines 24-60]).

Claims 5, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong-Gailloux as applied above to claim 4, 15 respectively, further in view of Smaiely et al (US20200012765A1, hereinafter, “Smaiely”).
Regarding claim 5, similarly claim 16, Lee-Sitrick-Tong-Gailloux combination teaches the method of claim 4, the apparatus of claim 15,
The combination of Lee-Sitrick-Tong-Gailloux does not specifically teach the following limitations, in the similar field of endeavor Smaiely teaches: 
further comprising: updating the distributed ledger at one or more other peer nodes of the set of peer nodes based at least in part on deleting the at least one or more permit keys from the distributed ledger of the peer node (Smaiely, [0037] the facility enables a user to delete digital content previously uploaded to one or more digital content providers. The facility first verifies that the deleting user has the appropriate rights and permissions to delete the digital content. When the user possesses the appropriate rights and permissions, the facility can delete (or mark for deletion) the digital content from the content repository and update the distributed ledger to reflect the deletion action).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Smaiely in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong-Gailloux by deleting digital content according to appropriate rights and permissions for the deleting user. This would have been obvious because the person having ordinary skill in the art would have been motivated to delete the digital content and update the distributed ledger to reflect the deletion action against content piracy (Smaiely, [Abstract], [0037]).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 6, further in view of Carrao et al (US20090106664A1, hereinafter, “Carrao”), and further in view of Chakraborty et al (US20190156061A1, hereinafter, “Chakraborty”).
Regarding claim 7, Lee-Sitrick-Tong combination teaches the method of claim 6, 
The combination of Lee-Sitrick-Tong does not specifically teach the following limitations, in the similar field of endeavor Corrao teaches: 
further comprising: identifying, in the user-specific data, one or more soft identifiers for the user (Corrao, discloses dynamically adjusting security settings on a computer, in particular user profile is generated for users associated with a browser, [Abstract], [0003]. And [0036] The second type of identifying user profile data is soft data 406 (i.e. soft identifier). Soft data 406 is created by analyzing stored metrics associated with users' physical interaction with the system. Such metrics include, but are not limited to, keyboard usage, typing speed, click times, and other identifying patterns distinguishing one user from another); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Corrao in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by identifying soft data associated with users. This would have been obvious because the person having ordinary skill in the art would have been motivated to generate user profile based on soft data associated with users for security configuration of a browser on a system (Carrao, [Abstract], [0003]).
The combination of Lee-Sitrick-Tong-Carrao does not specifically teach the following limitations, in the same field of endeavor Chakraborty teaches: 
and adding local noise to the user-specific data based at least in part on identifying the one or more soft identifiers, wherein transmitting the user-specific data is based at least in part on adding the local noise to the user-specific data (Chakraborty, discloses method of data anonymization, see [Abstract], [0002]. And referring to Fig. 5 step 516, and [0056] Per block 516, noise is added (e.g., by the noise propagation module 121 of FIG. 1) to the quasi-identifier tensor(s) for data anonymization).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chakraborty in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong-Carrao by adding noise to data. This would have been obvious because the person having ordinary skill in the art would have been motivated to add noise to data for data anonymization to remove and/or obfuscate one or more attribute values of one or more data stores such that the resulting views of the data store can no longer be used to identify a name of an individual or associate an individual to sensitive information (Chakraborty, [Abstract], [0002]).

Claims 8-9, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 1, 12 respectively, further in view of Griffin (US10797885B1, hereinafter, “Griffin”).
Regarding claim 8, similarly claim 18, Lee-Sitrick-Tong combination teaches the method of claim 1, the apparatus of claim 12,
Lee in view of Tong further teaches: querying the distributed ledger of the peer node using the smart contract of the peer node for a second data processing permit of the plurality of data processing permits indicating permission to store the user-specific data for use in the second data processing activity in response to the data request (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys. See Tong for permission to store user-specific data); 
Tong further teaches: wherein the data processing permit indicates permission to store the user-specific data for use in a first data processing activity (Tong, [0035] only a specified end-user device has permission to perform a data storage operation on the blockchain, to ensure data security and data authenticity in the blockchain during a data storage process... an end-user device that has permission to store data in the blockchain). Same motivation with Tong as presented in claim 1 would apply. 
Sitrick further teaches: further comprising: receiving, at the peer node, a data request to use the user-specific data for a second data processing activity (Sitrick, [0272] Responsive to a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges) (i.e. data processing activity)); Same motivation with Sitrick as presented in claim 1 would apply.
The combination of Lee-Sitrick-Tong does not specifically teach the following limitation(s), Griffin in the same field of endeavor teaches:
failing to identify the second data processing permit indicating permission to store the user-specific data for use in the second data processing activity based at least in part on the querying; and transmitting, from the peer node, an indication that the data request has failed based at least in part on failing to identify the second data processing permit (Griffin, discloses methods for privacy preserving distributed ledger consensus, see [Title] and [Abstract]. And [Col. 6 lines 39-52] The key database 132 is configured to retrievably store information relating to Party A's public/private key pair. As an example, the key database may store the public/private keys and digital certificate for Party A. The content database 134 is configured to retrievably store content for the consensus agreement messages created by Party A or Party B to indicate that either Party A and Party B have reached an agreement or have failed to reach an agreement. For example, the content database 134 may store a document (e.g., form, a contract, a smart contract, a deed, a will, etc.) for which Party A and Party B are using a consensus agreement message to indicate that they have reached, or have failed to reach, a consensus agreement on the document). Examiner notes, Griffin teaches that an agreement is either reached or fails to be reached. It is obvious to one of ordinary skill in the art that if the agreement fails to be reached, i.e. failing to identify the data processing permit, the indication is opposite to when the agreement is reached.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Griffin in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by retrievably storing content for the consensus agreement messages based on whether the agreement is reached or has failed to be reached. This would have been obvious because the person having ordinary skill in the art would have been motivated to implement privacy preserving distributed ledger consensus agreement (Griffin, [Abstract], [Col. 3 lines 58-60]).

Regarding claim 9, similarly claim 19, Lee-Sitrick-Tong combination teaches the method of claim 1, the apparatus of claim 12,
Lee in view of Tong further teaches: querying the distributed ledger of the peer node using the smart contract of the peer node for a second data processing permit of the plurality of data processing permits indicating permission to store the second user-specific data for use in the data processing activity in response to the data request (Lee, [0051] As shown by reference number 142, the first node may obtain, from the smart contract, a set of public keys associated with organizations that are permitted to access the new credit data. For example, the smart contact may store a list of organization identifiers of organizations that are permitted to access the new credit data, and the list of organization identifiers may be stored in association with the set of public keys of the organizations. This may allow the first node to search (e.g., query) the smart contact to obtain the set of public keys. See Tong for permission to store user-specific data); Examiner notes, the teachings of Lee-Sitrick-Tong on first data processing activity, data processing permit can be similarly applied to data processing activity, second data processing permit.
Tong further teaches: wherein the data processing permit indicates permission to store the user-specific data for use in a data processing activity (Tong, [0035] only a specified end-user device has permission to perform a data storage operation on the blockchain, to ensure data security and data authenticity in the blockchain during a data storage process... an end-user device that has permission to store data in the blockchain). Same motivation with Tong as presented in claim 1 would apply. 
Sitrick further teaches: further comprising: receiving, at the peer node, a data request to use second user-specific data corresponding to the user for the data processing activity (Sitrick, [0272] Responsive to a requested usage input (502) (i.e. request), indicating a request for usage (such as viewing or printing, or other usage privileges) (i.e. data processing activity)); Same motivation with Sitrick as presented in claim 1 would apply. 
The combination of Lee-Sitrick-Tong does not specifically teach the following limitation(s), Griffin in the same field of endeavor teaches:
failing to identify the second data processing permit indicating permission to store the second user-specific data for use in the data processing activity based at least in part on the querying; and transmitting, from the peer node, an indication that the data request has failed based at least in part on failing to identify the second data processing permit (Griffin, discloses methods for privacy preserving distributed ledger consensus, see [Title] and [Abstract]. And [] The key database 132 is configured to retrievably store information relating to Party A's public/private key pair. As an example, the key database may store the public/private keys and digital certificate for Party A. The content database 134 is configured to retrievably store content for the consensus agreement messages created by Party A or Party B to indicate that either Party A and Party B have reached an agreement or have failed to reach an agreement. For example, the content database 134 may store a document (e.g., form, a contract, a smart contract, a deed, a will, etc.) for which Party A and Party B are using a consensus agreement message to indicate that they have reached, or have failed to reach, a consensus agreement on the document). Examiner notes, Griffin teaches that an agreement is either reached or fails to be reached. It is obvious to one of ordinary skill in the art that if the agreement fails to be reached, i.e. failing to identify the data processing permit, the indication is opposite to when the agreement is reached.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Griffin in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by retrievably storing content for the consensus agreement messages based on whether the agreement is reached or has failed to be reached. This would have been obvious because the person having ordinary skill in the art would have been motivated to implement privacy preserving distributed ledger consensus agreement (Griffin, [Abstract], [Col. 3 lines 58-60]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 1, further in view of Vinson et al (US20200250633A1, hereinafter, “Vinson”), and further in view of Dutta (US 20150324592A1, hereinafter, “Dutta”).
Regarding claim 10, Lee-Sitrick-Tong combination teaches the method of claim 1, 
The combination of Lee-Sitrick-Tong does not specifically teach the following limitation(s), Vinson in the similar field of endeavor teaches:
further comprising: identifying, in the user-specific data, a hard identifier for the user (Vinson, [0026] The user data database 242 may be configured to store information about one or more users registered with a money transfer service provider operating the money transfer network 100. For example, user data database 242 may be configured to store user information, such as a registered user's name, address, telephone number, e-mail address, social security number, driver license number, another type of identifier (e.g., another type of government issued identification document, such as a passport number), date of birth, username (i.e. identifying hard identifier)); and setting the hard identifier for the user to a token value based at least in part on identifying the hard identifier (Vinson, [0028] when the user registers with a provider or operator of the money transfer network 100, a token representative of the user (or the user's data) may be generated. Transactions recorded to the user's vault may record the user's identity using the user's tokenized identity, rather than recording actual user data (e.g., PII data). By separating the user's PII data (e.g., records recorded in the user database 242) from records associated with transactions the user participated in (e.g., records recorded in the vault database 246), the transaction records may be accessed without risking exposure of PII data (e.g., because the transaction records include the user's tokenized identity)), [wherein encrypting the user-specific data is based at least in part on setting the hard identifier for the user to the token value] (see Dutta below for limitation in bracket).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Vinson in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by recording user’s tokenized identity rather than actual user data. This would have been obvious because the person having ordinary skill in the art would have been motivated to use the tokenized user identity for transaction in distributed ledger to protect user PII data (Vinson, [Abstract]). 
The combination of Lee-Sitrick-Tong-Vinson does not specifically teach the following limitation(s), Dutta in the similar field of endeavor teaches:
wherein encrypting the user-specific data is based at least in part on setting the hard identifier for the user to the token value (Dutta, discloses methods for document and data protection, [Title], and [Abstract], [0004] a method comprising of a system or process that entails encrypting sensitive data, generating a token comprising a data identifier, tokenizing the encrypted sensitive data, and/or storing the encrypted sensitive data in association with the token to a token vault. And [0027] The gateway may further tokenize the data (step 208B). For example, the gateway 104 may generate a random number or “token,” and associate that token with the encrypted data stored in the token vault 110).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Dutta in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong-Vinson by encrypting sensitive data and storing the encrypted data with token. This would have been obvious because the person having ordinary skill in the art would have been motivated to further protect the sensitive document and data in conjunction with a cloud computing application (Dutta, [Abstract], [0001]). 

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lee-Sitrick-Tong as applied above to claim 1, further in view of Hedge et al (US20210056082A1, hereinafter, “Hedge”).
Regarding claim 11, Lee-Sitrick-Tong combination teaches the method of claim 1, 
The combination of Lee-Sitrick-Tong does not specifically teach the following limitation(s), Hedge in the same field of endeavor teaches:
wherein the peer node of the set of peer nodes hosts a first instance of the smart contract and a first instance of the distributed ledger (Hedge, discloses a storage system to execute access request for tracking transactions, see [Abstract]. Hedge teaches known feature of peer node, and e.g. [0019] The term “blockchain peer” is a term of art, and refers to an element of a blockchain network that can host ledgers and smart contracts).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Hedge in the secure decentralized system utilizing smart contract of Lee-Sitrick-Tong by having peer node hosting smart contract and ledger in blockchain technology. This would have been obvious because the person having ordinary skill in the art would have been motivated to track transactions for auditability and security (Hedge, [Abstract], [0001]).

Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but have not been relied upon for this office action:
Patel (US20200058381A1) discloses method for auditing, monitoring, recording and executing healthcare transactions.
Pinski et al (US20190087892A1) discloses method of consent management to record consent between bank and consumers and share them to a third party audit service.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/
Examiner, Art Unit 2436