DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the communication filed on 5/4/2021.
Claims 1-20 have been canceled.
Claims 21-40 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 5/4/2021 and 11/2/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21 and 31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 11 and 18 of U.S. Patent No. 11030339. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application recite a corresponding method and system of claims 1, 11 and 18 of the patent application.  For example, see the table below for a claim comparison between the instant application and patent application. 
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding claims of the patent application.
Therefore, Examiner respectfully submits that the instant claims and the claims of the patent application are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined below.

Instant Application 17307870
Patent Application 11030339
Claim 21: 
A method for controlling data access, comprising: 

receiving, from a first client device via a network, a user token, a service provider token, and a request for a data access key to access personal user data stored on a contactless card associated with a user; 












identifying a service provider based on the service provider token; 

identifying the user based on the user token; 

verifying that the service provider is authorized to receive access to personal user data stored on the contactless card;

retrieving a user key associated with the user from a database; 

generating the data access key based on the user key; and 

transmitting the data access key to the first client device, wherein the request is generated in response to a tap action between the contactless card and the first client device.

Claim 11:
A method for controlling data access, comprising: 

establishing a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a first service provider key associated with a service provider; receiving from a first client device associated with the service provider, via a network, a service provider token and a request for a data access key to access personal user data stored on a contactless card associated with the user, the personal user data encrypted using the user key, the request generated in response to a tap action between the contactless card and the first client device, the request accompanied by a user token stored on the contactless card; 

identifying the service provider based on the service provider token; 

identifying the user based on the user token; 

verifying that the service provider is authorized to receive access to personal user data stored on the contactless card; 

retrieving the user key from the database; 


generating the data access key based on the user key; and 

transmitting to the first client device the data access key.
Claim 21: 
A method for controlling data access, comprising: 

receiving, from a first client device via a network, a user token, a service provider token, and a request for a data access key to access personal user data stored on a contactless card associated with a user; 





































identifying a service provider based on the service provider token; 

identifying the user based on the user token; 

verifying that the service provider is authorized to receive access to personal user data stored on the contactless card; 



retrieving a user key associated with the user from a database; 

generating the data access key based on the user key; and 

transmitting the data access key to the first client device, wherein the request is generated in response to a tap action between the contactless card and the first client device.

Claim 18:
A method for controlling data access, comprising: 

establishing a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a service provider key associated with a service provider; providing a contactless card comprising a communications interface, a processor, and a memory, the memory storing an applet and a user token, wherein the communications interface is configured to support at least one of near field communication, Bluetooth, or Wi-Fi, and wherein the contactless card is associated with the user; providing a client application comprising instructions for execution on a client device associated with the service provider, the client application configured to: in response to a tap action between the contactless card and the client device: receive the user token from the contactless card, and transmit via a network, to a server, a service provider token, the user token, and a request for a data access key, wherein the service provider token is associated with the service provider; receive from the server the data access key and a link to a data repository storing encrypted personal user data associated with the user, wherein the data access key is generated based on the user key; transmit to the data repository, via the link, a request for the encrypted personal user data; receive from the data repository the encrypted personal user data; and using the data access key, decrypt the encrypted personal user data; receiving from the client device, via the network, a service provider token and the request for the data access key to access the personal user data associated with the user, the request accompanied by the user token; identifying the service provider based on the service provider token; 

identifying the user based on the user token; 

verifying that the service provider is authorized to receive access to the personal user data associated with the user; generating the link to the data repository storing the encrypted personal user data; 
retrieving the user key from the database; 


generating the data access key based on the user key; and 

transmitting to the client device the data access key and the link to the data repository storing the encrypted personal user data.
Claim 31:
A data access control system, comprising: a server comprising a processor and a memory, the server in data communication with a database and a client device; and a contactless card associated with a user, the contactless card comprising a processor, a memory, and a communications interface, the memory of the contactless card storing a user token and personal user data associated with the user, wherein the server is configured to: 








receive, from the client device via a network, the user token, a service provider token, and a request for a data access key to access the personal user data, 













identify the user based on the user token, 


verify the service provider is authorized to receive access to the personal user data,


retrieve the user key from the database,

generate the data access key based on the user key, and 

transmit the data access key to the client device, wherein the request is generated in response to a tap action between the contactless card and the client device.
Claim 1:
A data access control system, comprising: a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a service provider key associated with a service provider; a server configured for data communication with a client device associated with the service provider via a network; a contactless card associated with the user, the contactless card comprising a communications interface, a processor, and a memory, the memory storing an applet, a user token, and personal user data associated with the user, wherein the personal user data is encrypted using the user key; a client application comprising instructions for execution on the client device, the client application configured to: in response to a tap action between the contactless card and the client device: receive the user token from the contactless card, and transmit to the server a service provider token, the user token, and a request for a data access key, wherein the service provider token is associated with the service provider; receive from the server the data access key; receive from the contactless card the encrypted personal user data; and using the data access key, decrypt the encrypted personal user data; and, a processor in data communication with the server and the database, the processor configured to: receive from the client device the service provider token, the user token, and the request for the data access key; 
identify the service provider based on the service provider token; identify the user based on the user token; 
verify that the service provider is authorized to receive access to the personal user data; 

retrieving, by the processor, the user key from the database; 
generate the data access key from the user key; and 

transmit to the client device the data access key.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Gosalia (US 20200387904) (hereafter Gosalia) in view of Sharma et al. (US 20200184482) (hereinafter Sharma).
Regarding claim 21, Gosalia discloses a method for controlling data access, comprising: 
receiving, from a first client device via a network, a user token, a service provider token, and a request for a data access key to access personal user data stored on a contactless card associated with a user (Gosalia: paragraphs 0040-0041 and 0048, “physical computing card 208 sends an authorization request to a service provider server 210”… “entity device 206 sends transaction information to a payment network 214. In some embodiments, the transaction information may include transaction details, the user identifier, and/or location data for the entity, entity devices 206 and 212, and/or user device 204.”); 
identifying a service provider based on the service provider token (Gosalia: paragraphs 0042-0043 and 0051, “physical computing card 208 sends the authorization grant and the one or more identifiers corresponding to one or more authorized users associated with the card to an entity device 212. Entity device 212 is configured to communicate with entity device 206”… “payment network 214 sends a confirmation for the transaction to entity device 206 indicating successful completion of authentication and/or authorization”); 
identifying the user based on the user token (Gosalia: paragraphs 0041-0043 and 51, “service provider server 210 sends to physical computing card 208 one or more identifiers corresponding to one or more authorized users associated with physical computing card”… “entity device 206 may provide an indication of successful authentication and/or authorization to the user. For example, the indication may be a receipt for a purchase of goods or services. The indication may be displayed on entity device 206, where the indication may a successful authorization message”); 
verifying that the service provider is authorized to receive access to personal user data stored on the contactless card (Gosalia: paragraphs 0046-0047, “in response to receiving the affirmation from entity device 206, entity device 212 sends an authorization to entity device 206. The authorization may be received by entity device 206. The authorization authorizes user 202 to access resources associated with physical computing card 208, where based on the authorization, entity device 206 may conduct the pending transaction for the user”); and wherein the request is generated in response to a tap action between the contactless card and the first client device (Gosalia: paragraphs 0039-0040, “the action performed on physical computing card 208 may be one or more physical touches detected by a sensor device of physical computing card 208. The one or more physical touches may include, for example, swipes, pinches, taps, holds, and/or clockwise/counterclockwise finger movement”).
Gosalia does not explicitly disclose the following limitations which are disclosed by Sharma, 
retrieving a user key associated with the user from a database (Sharma: paragraphs 0038 and 0049, “The first party 104 is also configured to transmit a notification to the user 110 regarding the provisioning. In connection therewith, the network provider 102 (e.g., via MDES, etc.) is configured to generate a token associated with the payment account credential and to provide the token to the mobile communication device 106 in lieu of or along with the approval for provisioning the payment account to the mobile communication device 106 (whereby the token may then be used in subsequent transactions to the user's payment account).”); 
generating the data access key based on the user key (Sharma: paragraphs 0048-0049, “The network provider 102, in turn, upon receipt of an approval, generates, at 328, a token associated with the payment account credential. The token includes, generally, a payment token associated with the user's payment account, whereby it may be provided in lieu of the payment account credential for the payment account to the application 118 at the mobile communication device 106. The network provider 102 then transmits, at 330, the token to the mobile communication device”); and 
transmitting the data access key to the first client device (Sharma: paragraphs 0048-0049, “The network provider 102 then transmits, at 330, the token to the mobile communication device”).
Gosalia and Sharma are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Gosalia and Sharma before him or her, to modify the system of Gosalia to include generating a data access key based on a user key and transmitting the data access key to a first client device of Sharma. The suggestion/motivation for doing so would have been to maintain security of the data (Sharma: paragraph 0044).
Regarding claim 31, claim 31 discloses a system claim that is substantially equivalent to the method of claim 21. Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 31 and rejected for the same reasons.
Regarding claim 40, claim 40 discloses a server claim that is substantially equivalent to the method of claim 21. Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 40 and rejected for the same reasons.
Regarding claims 22 and 32, Gosalia as modified discloses wherein the personal user data is encrypted using the user key (Sharma: paragraph 0044, “When the user 110 is authenticated, the payment card 112 (as directed by the application 116 therein) encrypts the payment account credential included in the memory 204 of the payment card 112 (e.g., a PAN, expiration date, etc.) and broadcasts, at 312, the encrypted payment account credential and an authentication result for the user 110 (based on the fingerprint comparison)”).
Regarding claims 23 and 36, Gosalia as modified discloses wherein the database stores a user identifier associated with the user, a service provider identifier associated with the service provider, and a first service provider key associated with the service provider (Sharma: paragraphs 0038 and 0049, “The first party 104 is also configured to transmit a notification to the user 110 regarding the provisioning. In connection therewith, the network provider 102 (e.g., via MDES, etc.) is configured to generate a token associated with the payment account credential and to provide the token to the mobile communication device 106 in lieu of or along with the approval for provisioning the payment account to the mobile communication device 106 (whereby the token may then be used in subsequent transactions to the user's payment account).”).
Regarding claims 24 and 35, Gosalia as modified discloses wherein the first service provider key is valid for a limited period of time (Sharma: paragraphs 0036 and 0044, “The payment account credential may include a primary account number (PAN), token, expiration date, card verification code (CVC), user identifier for the user 110, mailing address for the user 110, billing address, etc”).
Regarding claim 25, Gosalia as modified discloses wherein the data access key is generated based on the user key and the first service provider key (Sharma: paragraph 0049, “The network provider 102, in turn, upon receipt of an approval, generates, at 328, a token associated with the payment account credential. The token includes, generally, a payment token associated with the user's payment account, whereby it may be provided in lieu of the payment account credential for the payment account to the application 118 at the mobile communication device 106. The network provider 102 then transmits, at 330, the token to the mobile communication device 106. The network provider 102 further stores the token in a token data structure, whereby the token may be converted to the payment account credential in connection with one or more subsequent transactions, which includes the token”).
Regarding claim 26, Gosalia as modified discloses further comprising receiving, from a second client device via the network, a second service provider key, wherein the data access key is generated based on the user key, the first service provider key, and the second service provider key (Sharma: paragraph 0049, “The network provider 102, in turn, upon receipt of an approval, generates, at 328, a token associated with the payment account credential. The token includes, generally, a payment token associated with the user's payment account, whereby it may be provided in lieu of the payment account credential for the payment account to the application 118 at the mobile communication device 106. The network provider 102 then transmits, at 330, the token to the mobile communication device 106. The network provider 102 further stores the token in a token data structure, whereby the token may be converted to the payment account credential in connection with one or more subsequent transactions, which includes the token”).
Regarding claim 27, Gosalia as modified discloses wherein the second service provider key is transmitted by the second client device in response to a tap action between the contactless card and the second client device (Sharma: paragraphs 0049 and 0051, “by way of the systems and methods herein, the users may simply authenticate themselves to their payment devices and establish local communication between the payment devices and the mobile devices (e.g., by taping their payment devices on their mobile devices, by utilizing their mobile devices to recognize their payment devices (e.g., via NFC communication or other local wireless communication, etc.), etc.).”).
Regarding claim 28, Gosalia as modified discloses wherein the user token comprises the user key, further comprising authenticating the user based on the user key (Sharma: paragraph 0011, “As an example, certain payment cards may be enabled to authenticate a user, through biometrics, and also to communicate wirelessly (i.e., via contactless communication) with devices in the vicinity of the payment cards. For such payment cards, wallet applications may be enabled to prompt the users associated with the payment cards to tap the payment cards on mobile devices (which include the wallet applications) and thereby authenticate the payment cards (and/or users associated with the cards) at the mobile devices”).
Regarding claim 29, Gosalia as modified discloses wherein the service provider token comprises the service provider key, further comprising authenticating the service provider based on the first service provider key (Gosalia: paragraphs 0042-0043 and 0051, “physical computing card 208 sends the authorization grant and the one or more identifiers corresponding to one or more authorized users associated with the card to an entity device 212. Entity device 212 is configured to communicate with entity device 206”… “payment network 214 sends a confirmation for the transaction to entity device 206 indicating successful completion of authentication and/or authorization”).
Regarding claim 30, Gosalia as modified discloses further comprising identifying the service provider as the sender of the data access key request based on the service provider token (Gosalia: paragraphs 0041-0043 and 51, “service provider server 210 sends to physical computing card 208 one or more identifiers corresponding to one or more authorized users associated with physical computing card”… “entity device 206 may provide an indication of successful authentication and/or authorization to the user. For example, the indication may be a receipt for a purchase of goods or services. The indication may be displayed on entity device 206, where the indication may a successful authorization message”).
Regarding claim 33, Gosalia as modified discloses wherein the memory of the contactless card further stores basic user data associated with the user, the basic user data encrypted with a basic service provider key (Sharma: paragraph 0044, “When the user 110 is authenticated, the payment card 112 (as directed by the application 116 therein) encrypts the payment account credential included in the memory 204 of the payment card 112 (e.g., a PAN, expiration date, etc.) and broadcasts, at 312, the encrypted payment account credential and an authentication result for the user 110 (based on the fingerprint comparison)”).
Regarding claim 34, Gosalia as modified discloses wherein the sever is further configured to: identify the service provider based on the service provider token, and generate the basic service provider key based on the identity of the service provider (Gosalia: paragraphs 0042-0043 and 0051, “physical computing card 208 sends the authorization grant and the one or more identifiers corresponding to one or more authorized users associated with the card to an entity device 212. Entity device 212 is configured to communicate with entity device 206”… “payment network 214 sends a confirmation for the transaction to entity device 206 indicating successful completion of authentication and/or authorization”).
Regarding claim 37, Gosalia as modified discloses wherein the server is further configured to: receive a request for the basic service provider key, verify that the service provider is authorized to receive the basic service provider key, and transmit, to the client device, the basic service provider key (Gosalia: paragraphs 00450046 and 0049, “in response to determining and/or verifying that the user identifier from block 218 in the pending transaction matches an identifier of the one or more authorized users, entity device 206 sends a response to entity device 212. The response may be an affirmation that entity device 206 has a pending transaction involving a user associated with a user identifier that matches an identifier of the one or more authorized users. Entity device 212 receives the response from entity device 206 and processes such to provide further approval or denial of authorization.”).
Regarding claim 38, Gosalia as modified discloses wherein the request for the basic service provider key is independent of the tap action between the contactless card and the client device (Gosalia: paragraphs 0039-0040, “the action performed on physical computing card 208 may be one or more physical touches detected by a sensor device of physical computing card 208. The one or more physical touches may include, for example, swipes, pinches, taps, holds, and/or clockwise/counterclockwise finger movement”).
Regarding claim 39, Gosalia as modified discloses wherein the server is further configured to log each transmission of the basic service provider key (Gosalia: paragraphs 0029 and 0045-0046, “Service provider server 112 may include an authorization database to store authorization details from completed authorization requests including transactions associated with the authorization requests. Such information may also be stored in a third-party database accessible by service provider server 112 and/or entity server 110.”).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431