DETAILED ACTION
	This is a non-final action on the merits.  The U.S. Patent and Trademark Office has received claims 1-20 in application number 16/855,924.  Claims 1-20 are pending and have been examined on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections 35 U.S.C. 102
	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless—(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
	Claims 9, 11, 14, 15, 18, and 20 are rejected under 35 U.S.C. 102(a)(1) as anticipated by pre-grant publication US 20190370358 A1 (“NATION”).

	Regarding independent claim 9, NATION discloses:
	A computer-implemented method, comprising: 
[0019] FIG. 1 illustrates a system for securing confidential data using a blockchain ledger according to an embodiment. System 100 includes entity 102, partners 104 and 106, blockchain 108, blockchain copies 110 and 112, and database 114. In some embodiments, entity 102 can be an organization that has access to confidential information stored in database 114.
NATION at 0019; NATION at 0051, Fig. 5 (depicting the execution of the disclosed embodiment involving the one or more computing nodes of the blockchain network, e.g., each of the recited functions herein).  NATION at 0038, Fig. 3 (“FIG. 3 illustrates a flow for retrieving confidential data secured by a blockchain ledger according to an example embodiment. Flow 300 includes user 302, services 304, database 306, and blockchain 308. User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1)”).
9.1		storing, via one or more computing nodes, one or more data sharing preference settings of a subscriber for subscriber data of the subscriber in a corresponding subscriber preference record of a subscriber preference blockchain ledger;
NATION at 0021 (disclosing the data preference settings as included within the access permissions for a set of the identities in a first copy of a blockchain associated with a partner) (“The access permissions for a set of identities associated with each of entity 102 and partners 104 and 106 can be managed using blockchain ledger 108 and blockchain ledger copies 110 and 112. . . . In such an implementation, blockchain ledger 108 can store up-to-date access permissions for the set of identities while also storing a transaction history for all changes to access permissions for these identities.”); NATION at 0031 (disclosing storing the access permissions in a first blockchain ledger) (“Access permissions manager 216 can provide functionality for storing and/or managing access permissions on a blockchain or may further provide any other functionality of this disclosure.”); NATION at 0019 (disclosing subscriber preferences for “identities” access) (“Data stored in database 114 can be accessed by identities (e.g., authenticated individuals) of entity 102 based on managed access permissions for the identities.”); NATION at 0025 (discussing the data sharing preference settings with respect to subscribers as member organizations) (“For example, embodiments that manage, store, and retrieve the access permissions for shared confidential information using a blockchain can provide enhanced transparency between member organizations that share the confidential information, thus encouraging data sharing adoption.”).
9.2		 storing, via the one or more computing nodes, one more access policy settings with respect to the subscriber data in a corresponding access configuration record of an access configuration blockchain ledger;
NATION at 0021 (disclosing storing the “access permissions,” including access policy settings, in a second copy of a blockchain) (“In such an implementation, blockchain ledger 108 can store up-to-date access permissions for the set of identities while also storing a transaction history for all changes to access permissions for these identities. In some embodiments, blockchain ledger 108 manages a central ledger while blockchain ledger copies 110 and 112 store copies of this central ledger.”).
9.3		 receiving, via the one or more computing nodes, a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber;
NATION at 0021 (disclosing the entity 102, as the one or more computing nodes receiving a data request sent by the partner 106, as the third-party entity).  NATION describes the recited request from the user 304 described in Fig. 1 in the context of Fig. 3:
[0040] Once an identity for user 302 is authenticated, the user can leverage services 304 to query database 306 for confidential information. In response, database 306 can validate user 302, for example based on the user's previous authentication. In an embodiment, the identity management service can provide credentials that can be used for validation, such as a token. For example, an IDCS service can provide one or more tokens for user 302 such that various other systems, such as database 306, can validate the identity of the user.
NATION at 0040 (disclosing the partner 302 third-party entity user data request as “leverage[ing] services to query the database,” the database located at the entity 102 compute node); NATION at 0038 (disclosing Fig. 3 as applies to any user, whether partner 104 or third-party 106) (“User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like.”).
9.4		 determining, via the one or more computing nodes, using one or more records in the subscriber preference blockchain ledger that the third-party entity is permitted to access the set of subscriber data;
[0048] Considering the retrieved security attributes or access permissions illustrated in FIG. 3, the authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 based on a correspondence between the access permissions for the identity of user 302 and the security attributes of the subset 404. The access permissions for identities and/or security attributes for confidential data can be similarly structured, or can differ in some embodiments.
NATION at 0048 (disclosing the third-party entity user is “the authenticated and validated identity of user,” subscriber, and is permitted to access the subscriber data based on the access permissions.).
9.5		 determining, via the one or more computing nodes, using one or more records in the access configuration blockchain ledger that the third-party entity is permitting to access the set of subscriber data; and
NATION at 0048 (disclosing the determining step  with respect to the access permissions) (“The access permissions for identities and/or security attributes for confidential data can be similarly structured, or can differ in some embodiments.”).
9.6		in response to the determining that the third-party entity is permitted to access the set of subscriber data by the subscriber preference blockchain ledger and the access configuration blockchain ledger, providing the computing device of the third-party entity with access to the set of subscriber data.  
[0050] Returning to FIG. 3, requested confidential data keyed with security attributes that correspond to the returned access permissions for the identity of user 302 can be returned to user 302/services 304. For example, if user 302/services 304 requested retrieval of a set of secured data from database 306, the secured data returned by database 306 would be the requested data that corresponds with the access permissions for the authenticated identity of user 302 returned from blockchain 308.
NATION at 0050.
	By this analysis, NATION anticipates independent claim 9.

	Regarding claim 11, NATION discloses: The computer-implemented method of claim 9, further comprising: 
		receiving one or more access configuration settings for a subscriber and a subscriber identifier of the subscriber from a computer device, the one or more data sharing preferences further controlling third-party access to the subscriber data of the subscriber;
[0068] At 602, an update to access permissions from a first entity on behalf of a second entity can be received, wherein the update changes access permissions to a confidential data store. With reference to FIG. 1, a first identity of entity 102 (or partners 104 and/or 106) can request a change to access permissions for a second identity of entity 102. In some embodiments, the access permissions can secure confidential data stored at database 114. Database 114 can implement a security model that includes VPD and/or Oracle® security label protocols.
NATION at 0068 (disclosing the receiving step, as at independent claim 1, where the receiving includes receiving “an update to access permissions”).
		 generating an access configuration record having metadata that includes one or more access configuration settings and the subscriber identifier;
NATION at 0076 (“Embodiments secure access to the confidential information for these various identities across different organizations by managing access permissions and updates to access permissions using a blockchain ledger. For example, the different organizations that share access to the confidential information can represent members of a blockchain community.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address) (“In some embodiments, when consensus is achieved and a new block is added to the blockchain, the block is stored with the hash of the previous block . . . and the hash of the data being added in this block. In some embodiments, the data itself is not encrypted and can technically be read by nodes of the blockchain ledger.  Although the data itself is not encrypted in some embodiments, the identities are protected, as each identity is referenced by an address (e.g., within the blockchain).”).
		 appending a unique initial signature value or a hash signature of a prior access configuration record in the access configuration blockchain ledger to the access configuration record;
NATION at 0070 (“At 606, the update can be submitted to a plurality of members of a blockchain community. For example, the validated update can be proposed to members of the blockchain community (e.g., partners 104 and 106). At 608, upon consensus from a block chain community, the update to the access permissions for the second entity can be executed, wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community, the blockchain community comprising a plurality of different organizations that share access to the confidential data store.”); NATION at 0013 (disclosing explicitly that the unique initial signature value or a cryptographic hash signature is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it. Accordingly, a blockchain ledger can provide transparency for the underlying records or transactions represented by the ledger, for example from the genesis block (or transaction) to the most recent block (or transaction).”); NATION at 0021 (“The access permissions for a set of identities associated with each of entity 102 and partners 104 and 106 can be managed using blockchain ledger 108 and blockchain ledger copies 110 and 112.”).
		 computing an additional hash signature of the access configuration record for appending to an additional access configuration record of the subscriber or an additional subscriber;
NATION at 0077 (“Accordingly, the blockchain ledger can store up-to-date and transparent access permissions for identities of the community members (e.g., participating organizations). In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity.”).
		 and  adding the access configuration record that includes the subscriber identifier of the subscriber to the access configuration blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address).
	Therefore NATION anticipates claim 14.

	Regarding claim 14, NATION discloses: The computer-implemented method of claim 9, further comprising: 
		generating a data transaction record having metadata that includes transaction information related to the access of the set of subscriber data of the subscriber by the third-party entity and a subscriber identifier of the subscriber;
NATION at 0042 (disclosing the transaction information in a separate database that reflects transactions to the blockchain for the purpose of accessing the confidential data store) (“In some embodiments, blockchain 308 can include a database (e.g., separate from the confidential data store of database 306) which stores the current “state of the world” for the blockchain, where this state of the world is updated whenever transactions are added to the ledger. For example, this database can be a NoSQL database, and semi-complex querying can be performed to retrieve data.”); NATION at 0043 (disclosing the transaction may include metadata for subscriber). (“In such an embodiment, although a database is used to store up-to-date access permissions for confidential data, blockchain 308 still maintains an immutable record and manages the execution of transactions for these access permissions. Thus, blockchain 308 still provides transparency and assurance that established policies for the management of access to confidential data are being implemented.”); see further NATION at 0021 (disclosing the transaction information as included in “a transactions history”) (“In such an implementation, blockchain ledger 108 can store up-to-date access permissions for the set of identities while also storing a transaction history for all changes to access permissions for these identities.”).
		 appending a unique initial signature value or a hash signature of a prior data transaction record in a data transaction blockchain ledger to the data transaction record;
NATION at 0070 (“At 606, the update can be submitted to a plurality of members of a blockchain community . . . wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community . . .”); see further NATION at 0013 (disclosing explicitly that the unique initial signature value or a hash signature of a prior data transaction record, that is a “cryptographic hash signature,” is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it.”); and further NATION at 0041 (disclosing an unique initial signature value as the signature generated by a key of the subscriber on the ledger) (“In some embodiments, blockchain 308 can be considered a key-based ledger, and each identity would have a key (or address) on the ledger.”).
		 computing an additional hash signature of the data transaction record for appending to an additional data transaction record of the subscriber or an additional subscriber;
NATION at 0013 (disclosing that hash signatures are computed recursively for each additional transaction record) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it.”).
		 and  adding the data transaction record that includes the subscriber identifier of the subscriber to the data transaction blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the subscriber identifier).
	Therefore NATION anticipates claim 14.

	Regarding claim 15, NATION discloses: The computer-implemented method of claim 9, further comprising:
		 receiving a request from a user device of a user to retrieve metadata that matches a subscriber identifier of the subscriber from one or more blockchain ledgers;
[0038] FIG. 3 illustrates a flow for retrieving confidential data secured by a blockchain ledger according to an example embodiment. Flow 300 includes user 302, services 304, database 306, and blockchain 308. User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like. . . . Database 306 can be similar to database 114 of FIG. 1 or database 217 of FIG. 2 and blockchain 308 can be similar to blockchain ledger 108 of FIG. 1.
NATION at 0038.
		 retrieving corresponding metadata from at least one blockchain ledger using the subscriber identifier;
[0041] Once user 302's identity is validated, database 306 can retrieve access permissions or security attributes for the validated identity from blockchain 308. In some embodiments, blockchain 308 can be considered a key-based ledger, and each identity would have a key (or address) on the ledger. In such an embodiment, database 306 can retrieve values for user 302's key on blockchain 308, as the data at this location of blockchain 308 corresponds to the security attributes for user 302's identity.
NATION at 0041.
		 and sending the corresponding metadata that corresponds to the subscriber identifier to the user device, wherein the user is the subscriber or another person authorized to access the metadata.  
NATION at 0049 with Fig. 3 (disclosing the retrieved “security attributes” with the subscriber, as depicted by the arrow from “Attributes from User are Compared to Security Attributes of Data to Securely Return Data” and “User Authenticates”) (“Accordingly, an identity with corresponding security attributes may be permitted to retrieve data from the first table but not the second table, and in some implementations may be permitted to retrieve data from certain columns/rows of the first table but not other columns/rows of the first table.”).
	Therefore NATION anticipates claim 15.

	Claim 18 is directed to a system and is commensurate in scope with the computer-implemented method of claim 9, presented above.  NATION discloses:
		A system, comprising: one or more processors; and memory including a plurality of computer-executable components that are executable by the one or more processors to perform a plurality of actions, the plurality of actions comprising: 
[0019] FIG. 1 illustrates a system for securing confidential data using a blockchain ledger according to an embodiment. System 100 includes entity 102, partners 104 and 106, blockchain 108, blockchain copies 110 and 112, and database 114. In some embodiments, entity 102 can be an organization that has access to confidential information stored in database 114.
NATION at 0019; NATION at 0051, Fig. 5 (depicting the execution of the disclosed embodiment involving the one or more computing nodes of the blockchain network, e.g., each of the recited functions herein).  NATION at 0038, Fig. 3 (“FIG. 3 illustrates a flow for retrieving confidential data secured by a blockchain ledger according to an example embodiment. Flow 300 includes user 302, services 304, database 306, and blockchain 308. User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1)”).
		storing, via one or more computing nodes, one or more data sharing preference settings of a subscriber for subscriber data of the subscriber in a corresponding subscriber preference record of a subscriber preference blockchain ledger;
		 storing, via the one or more computing nodes, one more access policy settings with respect to the subscriber data in a corresponding access configuration record of an access configuration blockchain ledger;
		 receiving, via the one or more computing nodes, a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber;
		 determining, via the one or more computing nodes, using one or more records in the subscriber preference blockchain ledger that the third-party entity is permitted to access the set of subscriber data;
		 determining, via the one or more computing nodes, using one or more records in the access configuration blockchain ledger that the third-party entity is permitting to access the set of subscriber data;
		 and in response to the determining that the third-party entity is permitted to access the set of subscriber data by the subscriber preference blockchain ledger and the access configuration blockchain ledger, providing the computing device of the third-party entity with access to the set of subscriber data.  
	The above limitations are commensurate in scope with claim 9 and the prior art of NATION cited at claim 9 is applied to each commensurate limitation of claim 18 here.
	Therefore NATION anticipates claim 18.
	Claim 20 is commensurate in scope with claim 11, and the prior art of NATION cited at claim 11 is applied to each commensurate limitation of claim 20 here.  NATION discloses the system of claim 18, wherein the plurality of actions further comprise:
		 receiving one or more access configuration settings for a subscriber and a subscriber identifier of the subscriber from a computer device, the one or more data sharing preferences further controlling third-party access to the subscriber data of the subscriber;
		 generating an access configuration record having metadata that includes one or more access configuration settings and the subscriber identifier;
		 appending a unique initial signature value or a hash signature of a prior access configuration record in the access configuration blockchain ledger to the access configuration record;
		 computing an additional hash signature of the access configuration record for appending to an additional access configuration record of the subscriber or an additional subscriber;
		 and adding the access configuration record that includes the subscriber identifier of the subscriber to the access configuration blockchain ledger.
	Therefore NATION anticipates claim 20.

Claim Rejections 35 U.S.C. 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claims 1, 2, 4, 7-8, 10, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190370358 A1 (“NATION”) in view of US 20140189107 A1 (“KALAVADE”).  

	Regarding independent claim 1, NATION discloses:
		One or more non-transitory computer-readable media of a data broker platform storing computer-executable instructions that upon execution cause one or more processors to perform acts comprising:
1.1		 receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
[0068] At 602, an update to access permissions from a first entity on behalf of a second entity can be received, wherein the update changes access permissions to a confidential data store. With reference to FIG. 1, a first identity of entity 102 (or partners 104 and/or 106) can request a change to access permissions for a second identity of entity 102. In some embodiments, the access permissions can secure confidential data stored at database 114. Database 114 can implement a security model that includes VPD and/or Oracle® security label protocols.
NATION at 0068 (disclosing receiving one or more data sharing preferences . . . the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber).  Claim Interpretation: The claim recites to a subscriber that uses one or more communication services of a mobile network operator (MNO).  In other words, the recited identifier is associated with a subscriber, and the clause that uses . . . (MNO), describes the subscriber associated with the identifier.  However, there is no comma after (MNO) and before from that would clearly indicate where the description stops and the recited receiving step resumes, i.e., receiving . . . from a user device of the subscriber.  Examiner is interpreting the limitation as if the comma is present so that the limitation reads on: receiving . . . from a user device of the subscriber, where the subscriber uses one or more communication services of a mobile network operator (MNO).
1.2		 generating a subscriber preference record having metadata that includes the one or more data sharing preferences and the subscriber identifier;
NATION at 0076 (“When an organization requests an updated to the access permissions for one of its identities, a sequence of actions can be triggered (e.g., a smart contract can be called) to execute the transaction. . . . A transaction or block can be appended to the blockchain that reflects the change in access permissions for the identity.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address) (“In some embodiments, when consensus is achieved and a new block is added to the blockchain, the block is stored with the hash of the previous block . . . and the hash of the data being added in this block. In some embodiments, the data itself is not encrypted and can technically be read by nodes of the blockchain ledger.  Although the data itself is not encrypted in some embodiments, the identities are protected, as each identity is referenced by an address (e.g., within the blockchain).”).
1.3		 appending a unique initial signature value or a cryptographic hash signature of a prior subscriber preference record in a subscriber preference blockchain ledger to the subscriber preference record;
[0070] At 606, the update can be submitted to a plurality of members of a blockchain community. For example, the validated update can be proposed to members of the blockchain community (e.g., partners 104 and 106). At 608, upon consensus from a block chain community, the update to the access permissions for the second entity can be executed, wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community, the blockchain community comprising a plurality of different organizations that share access to the confidential data store.
NATION at 0070; NATION at 0013 (disclosing explicitly that the unique initial signature value or a cryptographic hash signature is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it. Accordingly, a blockchain ledger can provide transparency for the underlying records or transactions represented by the ledger, for example from the genesis block (or transaction) to the most recent block (or transaction).”).
1.4		 computing an additional cryptographic hash signature of the subscriber preference record for appending to an additional subscriber preference record of the subscriber or an additional subscriber;
NATION at 0077 (“Accordingly, the blockchain ledger can store up-to-date and transparent access permissions for identities of the community members (e.g., participating organizations). In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity.”).
1.5		 and adding the subscriber preference record that includes the subscriber identifier of the subscriber to the subscriber preference blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the subscriber identifier 
	However, NATION does not explicitly disclose:
a subscriber that uses one or more communication services of a mobile network operator (MNO)
	KALAVADE discloses:
1.1		 receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
KALAVADE at 0082 (“FIG. 5 shows how the information itself is collected by the brokering platform. The brokering platform sits in the mobile network and through adapters (called Collectors 510, 512, 514, 516) collects information from multiple sources—content level information from the GGSN/PDSN/HA 310 output, location information from LBS platforms, subscriber information from subscriber databases, Messaging traffic from SMSC/MMSC, USSD, etc.”); KALAVADE at 0057 (“The brokering platform collects data from a mobile network, correlates to generate enriched user-level profiles, and uses these profiles to provide targeting information to different applications and advertising platforms.”).
	NATION discloses a system that stores the access permissions for corresponding identities, or subscribers, in the metadata of transactions in a blockchain maintained by the “entity” system and nodes of member organizations, where prior and subsequent transactions related to an access permission request are connected by cryptographic hash signatures.  The access permissions stored in the blockchain grant permission for the corresponding identity to access the confidential data in the database maintained by the system.  KALAVADE discloses where the identity or subscriber, is in fact a subscriber of . . . a mobile network operator, for the analogous function of sharing mobile operator subscriber data for third party access.  It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the identity of NATION could be the subscriber of KALAVADE, because NATION discloses the identity as a user of a member or organization, without limiting to a specific type of organization, such that the system of NATION performs the same where the identity is the subscriber of KALAVADE.
	Therefore independent claim 1 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim 2, NATION discloses: The one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise: 
2.1		receiving one or more access configuration settings for a subscriber and the subscriber identifier of the subscriber from a computer device, the one or more data sharing preferences further controlling third-party access to the subscriber data of the subscriber;
[0068] At 602, an update to access permissions from a first entity on behalf of a second entity can be received, wherein the update changes access permissions to a confidential data store. With reference to FIG. 1, a first identity of entity 102 (or partners 104 and/or 106) can request a change to access permissions for a second identity of entity 102. In some embodiments, the access permissions can secure confidential data stored at database 114. Database 114 can implement a security model that includes VPD and/or Oracle® security label protocols.
NATION at 0068 (disclosing the receiving step, as at independent claim 1, where the receiving includes receiving “an update to access permissions”).  Claim Interpretation: (I) The present claim 2 is identical to that of claim 1 but for substituting the recitation to access configuration settings for the recitation to data sharing preferences.  There is no order imposed on the recited steps occurring first for data sharing preferences and second for access configuration settings, or that these steps must be performed separately, without performing the other; nor is there any recitation to separate and distinct blockchain ledgers for this data.
2.2		 generating an access configuration record having metadata that includes one or more access configuration settings and the subscriber identifier;
NATION at 0076 (“Embodiments secure access to the confidential information for these various identities across different organizations by managing access permissions and updates to access permissions using a blockchain ledger. For example, the different organizations that share access to the confidential information can represent members of a blockchain community.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address) (“In some embodiments, when consensus is achieved and a new block is added to the blockchain, the block is stored with the hash of the previous block . . . and the hash of the data being added in this block. In some embodiments, the data itself is not encrypted and can technically be read by nodes of the blockchain ledger.  Although the data itself is not encrypted in some embodiments, the identities are protected, as each identity is referenced by an address (e.g., within the blockchain).”).
2.3		  appending a unique initial signature value or a hash signature of a prior access configuration record in an access configuration blockchain ledger to the access configuration record;
NATION at 0070 (“At 606, the update can be submitted to a plurality of members of a blockchain community. For example, the validated update can be proposed to members of the blockchain community (e.g., partners 104 and 106). At 608, upon consensus from a block chain community, the update to the access permissions for the second entity can be executed, wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community, the blockchain community comprising a plurality of different organizations that share access to the confidential data store.”); NATION at 0013 (disclosing explicitly that the unique initial signature value or a cryptographic hash signature is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it. Accordingly, a blockchain ledger can provide transparency for the underlying records or transactions represented by the ledger, for example from the genesis block (or transaction) to the most recent block (or transaction).”); NATION at 0021 (“The access permissions for a set of identities associated with each of entity 102 and partners 104 and 106 can be managed using blockchain ledger 108 and blockchain ledger copies 110 and 112.”).
2.4		 computing an additional hash signature of the access configuration record for appending to an additional access configuration record of the subscriber or an additional subscriber;
NATION at 0077 (“Accordingly, the blockchain ledger can store up-to-date and transparent access permissions for identities of the community members (e.g., participating organizations). In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity.”).
2.5		 and adding the access configuration record that includes the subscriber identifier of the subscriber to the access configuration blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address).
	Therefore claim 2 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim(s) 4 NATION in view of KALAVADE disclose the one or more non-transitory computer-readable media of claim 2, NATION further discloses: wherein the acts further comprise: 
4.1		receiving a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber at an online request portal of the data broker platform;
NATION at 0021 (disclosing the entity 102, as the one or more computing nodes receiving a data request sent by the partner 106, as the third-party entity).  NATION further describes the recited request from the user 304:
[0040] Once an identity for user 302 is authenticated, the user can leverage services 304 to query database 306 for confidential information. In response, database 306 can validate user 302, for example based on the user's previous authentication. In an embodiment, the identity management service can provide credentials that can be used for validation, such as a token. For example, an IDCS service can provide one or more tokens for user 302 such that various other systems, such as database 306, can validate the identity of the user.
NATION at 0040 (disclosing the partner 302 third-party entity user data request as “leverage[ing] services to query the database,” the database located at the entity 102 compute node); NATION at 0038 (disclosing Fig. 3 as applies to any user, whether partner 104 or third-party 106) (“User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like.”).
4.2		 determining using one or more corresponding records in the subscriber preference blockchain ledger and one or more corresponding records in the access configuration blockchain ledger that the third-party entity is permitted to access the set of subscriber data of the subscriber; and
[0048] Considering the retrieved security attributes or access permissions illustrated in FIG. 3, the authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 based on a correspondence between the access permissions for the identity of user 302 and the security attributes of the subset 404. The access permissions for identities and/or security attributes for confidential data can be similarly structured, or can differ in some embodiments.
NATION at 0048 (disclosing the third-party entity user is “the authenticated and validated identity of user,” subscriber, and is permitted to access the subscriber data based on the access permissions.).
4.3		 in response to the third-party entity being permitted to access the set of subscriber data, providing the set of subscriber data to the computing device of the third-party entity.  
with access to the set of subscriber data.  
[0050] Returning to FIG. 3, requested confidential data keyed with security attributes that correspond to the returned access permissions for the identity of user 302 can be returned to user 302/services 304. For example, if user 302/services 304 requested retrieval of a set of secured data from database 306, the secured data returned by database 306 would be the requested data that corresponds with the access permissions for the authenticated identity of user 302 returned from blockchain 308.
NATION at 0050.
	Therefore claim 4 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim(s) 7, NATION in view of KALAVADE disclose: The one or more non-transitory computer-readable media of claim 4, wherein the acts further comprise:
	NATION further discloses:
7.1		generating a data transaction record having metadata that includes transaction information related to the access of the set of subscriber data of the subscriber by the third-party entity and a subscriber identifier of the subscriber;
NATION at 0042 (disclosing the transaction information in a separate database that reflects transactions to the blockchain for the purpose of accessing the confidential data store) (“In some embodiments, blockchain 308 can include a database (e.g., separate from the confidential data store of database 306) which stores the current “state of the world” for the blockchain, where this state of the world is updated whenever transactions are added to the ledger. For example, this database can be a NoSQL database, and semi-complex querying can be performed to retrieve data.”); NATION at 0043 (disclosing the transaction may include metadata for subscriber). (“In such an embodiment, although a database is used to store up-to-date access permissions for confidential data, blockchain 308 still maintains an immutable record and manages the execution of transactions for these access permissions. Thus, blockchain 308 still provides transparency and assurance that established policies for the management of access to confidential data are being implemented.”); see further NATION at 0021 (disclosing the transaction information as included in “a transactions history”) (“In such an implementation, blockchain ledger 108 can store up-to-date access permissions for the set of identities while also storing a transaction history for all changes to access permissions for these identities.”).
7.2		 appending a unique initial signature value or a hash signature of a prior data transaction record in a data transaction blockchain ledger to the data transaction record;
[0070] At 606, the update can be submitted to a plurality of members of a blockchain community. For example, the validated update can be proposed to members of the blockchain community (e.g., partners 104 and 106). At 608, upon consensus from a block chain community, the update to the access permissions for the second entity can be executed, wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community, the blockchain community comprising a plurality of different organizations that share access to the confidential data store.
NATION at 0070 (“At 606, the update can be submitted to a plurality of members of a blockchain community . . . wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community . . .”); see further NATION at 0013 (disclosing explicitly that the unique initial signature value or a hash signature of a prior data transaction record, that is a “cryptographic hash signature,” is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it.”); and further NATION at 0041 (disclosing an unique initial signature value as the signature generated by a key of the subscriber on the ledger) (“In some embodiments, blockchain 308 can be considered a key-based ledger, and each identity would have a key (or address) on the ledger.”).
7.3		 computing an additional hash signature of the data transaction record for appending to an additional data transaction record of the subscriber or an additional subscriber;
NATION at 0013 (disclosing that hash signatures are computed recursively for each additional transaction record) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it.”).
7.4		 and adding the data transaction record that includes the subscriber identifier of the subscriber to the data transaction blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the subscriber identifier).
	Therefore claim 7 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim(s) 8 NATION in view of KALAVADE disclose: The one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise: 
		receiving a request from a user device of a user to retrieve metadata that matches a subscriber identifier of the subscriber from one or more blockchain ledgers;
[0038] FIG. 3 illustrates a flow for retrieving confidential data secured by a blockchain ledger according to an example embodiment. Flow 300 includes user 302, services 304, database 306, and blockchain 308. User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like. . . . Database 306 can be similar to database 114 of FIG. 1 or database 217 of FIG. 2 and blockchain 308 can be similar to blockchain ledger 108 of FIG. 1.
NATION at 0038.
		 retrieving corresponding metadata from at least one blockchain ledger using the subscriber identifier;
[0041] Once user 302's identity is validated, database 306 can retrieve access permissions or security attributes for the validated identity from blockchain 308. In some embodiments, blockchain 308 can be considered a key-based ledger, and each identity would have a key (or address) on the ledger. In such an embodiment, database 306 can retrieve values for user 302's key on blockchain 308, as the data at this location of blockchain 308 corresponds to the security attributes for user 302's identity.
NATION at 0041.
		 and sending the corresponding metadata that corresponds to the subscriber identifier to the user device, wherein the user is the subscriber or another person authorized to access the metadata.  
NATION at 0049 with Fig. 3 (disclosing the retrieved “security attributes” with the subscriber, as depicted by the arrow from “Attributes from User are Compared to Security Attributes of Data to Securely Return Data” and “User Authenticates”) (“Accordingly, an identity with corresponding security attributes may be permitted to retrieve data from the first table but not the second table, and in some implementations may be permitted to retrieve data from certain columns/rows of the first table but not other columns/rows of the first table.”).
	Therefore claim 8 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim 10, NATION discloses: the computer-implemented method of claim 9, further comprising:
		receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
[0068] At 602, an update to access permissions from a first entity on behalf of a second entity can be received, wherein the update changes access permissions to a confidential data store. With reference to FIG. 1, a first identity of entity 102 (or partners 104 and/or 106) can request a change to access permissions for a second identity of entity 102. In some embodiments, the access permissions can secure confidential data stored at database 114. Database 114 can implement a security model that includes VPD and/or Oracle® security label protocols.
NATION at 0068 (disclosing receiving one or more data sharing preferences . . . the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber).  Claim Interpretation: The claim recites to a subscriber that uses one or more communication services of a mobile network operator (MNO).  In other words, the recited identifier is associated with a subscriber, and the clause that uses . . . (MNO), describes the subscriber associated with the identifier.  However, there is no comma after (MNO) and before from that would clearly indicate where the description stops and the recited receiving step resumes, i.e., receiving . . . from a user device of the subscriber.  Examiner is interpreting the limitation as if the comma is present so that the limitation reads on: receiving . . . from a user device of the subscriber, where the subscriber uses one or more communication services of a mobile network operator (MNO).
		 generating a subscriber preference record having metadata that includes the one or more data sharing preferences and the subscriber identifier;
NATION at 0076 (“When an organization requests an updated to the access permissions for one of its identities, a sequence of actions can be triggered (e.g., a smart contract can be called) to execute the transaction. . . . A transaction or block can be appended to the blockchain that reflects the change in access permissions for the identity.”); NATION at 0059 (disclosing the metadata within the generated blockchain transaction record and subscriber identifier as the corresponding blockchain address) (“In some embodiments, when consensus is achieved and a new block is added to the blockchain, the block is stored with the hash of the previous block . . . and the hash of the data being added in this block. In some embodiments, the data itself is not encrypted and can technically be read by nodes of the blockchain ledger.  Although the data itself is not encrypted in some embodiments, the identities are protected, as each identity is referenced by an address (e.g., within the blockchain).”).
		 appending a unique initial signature value or a cryptographic hash signature of a prior subscriber preference record in the subscriber preference blockchain ledger to the subscriber preference record;
[0070] At 606, the update can be submitted to a plurality of members of a blockchain community. For example, the validated update can be proposed to members of the blockchain community (e.g., partners 104 and 106). At 608, upon consensus from a block chain community, the update to the access permissions for the second entity can be executed, wherein the update is appended to a blockchain ledger that stores access permissions for the blockchain community, the blockchain community comprising a plurality of different organizations that share access to the confidential data store.
NATION at 0070; NATION at 0013 (disclosing explicitly that the unique initial signature value or a cryptographic hash signature is part of the records stored within the blockchain ledger of paragraph 0070) (“Implementations of a blockchain can be recursive, where each block in a ledger includes a cryptographic hash of the block preceding it. Accordingly, a blockchain ledger can provide transparency for the underlying records or transactions represented by the ledger, for example from the genesis block (or transaction) to the most recent block (or transaction).”).
		 computing an additional cryptographic hash signature of the subscriber preference record for appending to an additional subscriber preference record of the subscriber or an additional subscriber;
NATION at 0077 (“Accordingly, the blockchain ledger can store up-to-date and transparent access permissions for identities of the community members (e.g., participating organizations). In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity.”).
		 and adding the subscriber preference record that includes the subscriber identifier of the subscriber to the subscriber preference blockchain ledger.  
NATION at 0071 (“At 610, distributed copies of the blockchain ledger can be populated with the update. For example, the new block can be appended to blockchain 108, and blockchain copies 110 and 112 can be populated with the new block.”); NATION at 0059 (disclosing the subscriber identifier).
However, NATION does not explicitly disclose:
a subscriber that uses one or more communication services of a mobile network operator (MNO)
	KALAVADE discloses:
		 receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
KALAVADE at 0082 (“FIG. 5 shows how the information itself is collected by the brokering platform. The brokering platform sits in the mobile network and through adapters (called Collectors 510, 512, 514, 516) collects information from multiple sources—content level information from the GGSN/PDSN/HA 310 output, location information from LBS platforms, subscriber information from subscriber databases, Messaging traffic from SMSC/MMSC, USSD, etc.”); KALAVADE at 0057 (“The brokering platform collects data from a mobile network, correlates to generate enriched user-level profiles, and uses these profiles to provide targeting information to different applications and advertising platforms.”).
	NATION discloses a system that stores the access permissions for corresponding identities, or subscribers, in the metadata of transactions in a blockchain maintained by the “entity” system and nodes of member organizations, where prior and subsequent transactions related to an access permission request are connected by cryptographic hash signatures.  The access permissions stored in the blockchain grant permission for the corresponding identity to access the confidential data in the database maintained by the system.  KALAVADE discloses where the identity or subscriber, is in fact a subscriber of . . . a mobile network operator, for the analogous function of sharing mobile operator subscriber data for third party access.  It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the identity of NATION could be the subscriber of KALAVADE, because NATION discloses the identity as a user of a member or organization, without limiting to a specific type of organization, such that the system of NATION performs the same where the identity is the subscriber of KALAVADE.
	Therefore claim 10 is rendered obvious by NATION in view of KALAVADE.

	Regarding claim(s) 16, NATION discloses: The computer-implemented method of claim 9.  
	However, NATION does not explicitly disclose:
sending a marketplace price
receiving an asking price . . . publishing the asking price via a virtual marketplace to solicit one or more bids
receiving one or more bids that at least matches the asking price
providing . . . an accepted bid . . . in exchange for a payment that corresponds to the accepted bid.
	KALAVADE discloses:
		sending a marketplace price that is determined for a set of subscriber data of a subscriber to a user device of a subscriber;
		 receiving an asking price from the user device of the subscriber for the set of subscriber data of the subscriber publishing the asking price via a virtual marketplace to solicit one or more bids from at least one third-party for the set of subscriber data of the subscriber;
		 receiving one or more bids that at least matches the asking price from one or more computing devices of at least one third-party entity;
		 and providing a computing device of the third-party entity with an accepted bid with access to the set of subscriber data in exchange for a payment that corresponds to the accepted bid.  
[0284] The UBP solution can also be used by a carrier to develop an ad exchange or an exchange of ad networks. FIG. 23 shows the concept that a mobile operator 2380 can build subscriber profiles by using information collected by Monitors 2310. When serving content to mobile users, it can provide an ad request to a set of ad networks (2330, 2340) or to individual advertisers 2350 for the specific user. The network that responds with the best bid can be used to select the ad. The carrier would then work with publishers 2360 to provide the actual ad. The brokering platform 2370 builds the profiles of users and then uses the profiles to request and furnish the appropriate ad in real-time.
KALAVADE at 0284 (disclosing a mobile operator that builds subscriber profiles and exchanges bid amounts with a network, a third party entity, where the bid amount is payment for access to select the ad).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the system, with identities, subscribers, of NATION could be implemented to exchange a bid system for selling information, as in KALAVADE, because NATION discloses a system for providing access to confidential data for a subscriber and third-party, and the system could perform this data access function in addition to charging the third-party for access, as in KALAVADE, because the system of NATION performs the same alone as in combination with the biding steps of KALAVADE, to a predictable result.  Therefore claim 16 is rendered obvious over NATION in view of KALAVADE.

	Regarding claim 19, 	The system of claim 18, wherein the plurality of actions further comprise:
	NATION discloses:
		receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
NATION at 0068 (as cited at claim 10, commensurate in scope).
		generating a subscriber preference record having metadata that includes the one or more data sharing preferences and the subscriber identifier;
NATION at 0076; NATION at 0059 (as cited at claim 10, commensurate in scope).
		 appending a unique initial signature value or a cryptographic hash signature of a prior subscriber preference record in the subscriber preference blockchain ledger to the subscriber preference record;
NATION at 0070; NATION at 0013 (as cited at claim 10, commensurate in scope).
		computing an additional cryptographic hash signature of the subscriber preference record for appending to an additional subscriber preference record of the subscriber or an additional subscriber;
NATION at 0077 (as cited at claim 10, commensurate in scope).
		and adding the subscriber preference record that includes the subscriber identifier of the subscriber to the subscriber preference blockchain ledger.  
NATION at 0071; NATION at 0059 (as cited at claim 10, commensurate in scope).
		However, NATION does not explicitly disclose:
a subscriber that uses one or more communication services of a mobile network operator (MNO)
	KALAVADE discloses:
		 receiving one or more data sharing preferences and a subscriber identifier of a subscriber that uses one or more communication services of a mobile network operator (MNO) from a user device of the subscriber, the one or more data sharing preferences controlling third-party access to subscriber data of the subscriber;
KALAVADE at 0082 (as cited at claim 10, commensurate in scope).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the identity of NATION could be the subscriber of KALAVADE, because NATION discloses the identity as a user of a member or organization, without limiting to a specific type of organization, such that the system of NATION performs the same where the identity is the subscriber of KALAVADE.
	Therefore claim 19 is rendered obvious by NATION in view of KALAVADE.

	Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over NATION in view of KALAVADE, and in further view of US 20200374106 A1 (“PADMANABHAN”).

	Regarding claim 3, the combination of NATION in view of KALAVADE discloses: The one or more non-transitory computer-readable media of claim 2.  NATION discloses wherein the acts further comprise: 
3.1		receiving a request from a user device of a subscriber to perform an action with respect to a set of subscriber data of the subscriber, the action includes deleting or modifying the set of subscriber data;
NATION at 0040 (disclosing only receiving a request from a user device of a subscriber to perform an action with respect to a set of subscriber data of the subscriber where the action is querying the database for confidential data) (“Once an identity for user 302 is authenticated, the user can leverage services 304 to query database 306 for confidential information. In response, database 306 can validate user 302, for example based on the user's previous authentication.”); NATION at 0038 (disclosing Fig. 3 as applies to any user, whether partner 104 or third-party 106) (“User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like.”).
3.2		 retrieving one or more access policy settings for the set of subscriber data from the access configuration blockchain ledger;
NATION at 0048 (“Considering the retrieved security attributes or access permissions illustrated in FIG. 3, the authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 based on a correspondence between the access permissions for the identity of user 302 and the security attributes of the subset 404.”).
3.3		 in response to the one or more access policy settings permitting the action, performing the action with respect to the set of subscriber data;
NATION at 0048 (disclosing the performing in response to the permitting) (“[T]he authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 . . . .”); NATION at 0077 (“In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity. These access permissions can then be used to retrieve corresponding confidential information from the database, thus ensuring that up-to-date and transparent access permissions are used to retrieve only the confidential information that the identity is permitted to access”).  Claim Interpretation: The recitation to access policy settings permitting, is descriptive of the access policy settings and does not positively recite performing permitting as a function.  Thus, the term permitting is interpreted as describing the access policy settings such that the settings indicate or allow permitting access to the recited user.
3.4		 and in response to the one or more access policy settings not permitting the action, sending a notification to the user device indicating that the action is not permitted.  
NATION at 0048 (disclosing the one or more access policy settings not permitting the action that “retrieved security attributes or access permissions” are required for “the validated identity of user 302 [to be] permitted to retrieve information”).
	However, the combination of NATION in view of KALAVADE does not explicitly disclose:
at 3.1 the action includes deleting or modifying the set of subscriber data
at 3.4 sending a notification to the user device indicating that the action is not permitted
	PADMANABHAN discloses:
3.1		receiving a request from a user device of a subscriber to perform an action with respect to a set of subscriber data of the subscriber, the action includes deleting or modifying the set of subscriber data;
[0128] According to the operations of another embodiment, the permissions defined by the metadata further include one or more of: permission for the founder org granted by the founder org to modify the metadata; permission for the founder org granted by the founder org to modify the data stored by the network org . . . and permission for the founder org granted by the founder org to declare new business rules common across all of the authorized network participants for the network org.
PADMANABHAN at 0128 (disclosing the founder org with user client device as having permission, based on the metadata stored in a blockchain, to modify data stored in a relational database system).
3.4		 and in response to the one or more access policy settings not permitting the action, sending a notification to the user device indicating that the action is not permitted.  
[0662] According to yet additional embodiments, conditions specified via a metadata rule may further be limited according to whether a transaction on the blockchain is by an “owner” of a declared application or a “party” of a declared application (DApp). . . . Further still, such a rule could be utilized to trigger a notification when a “party” but not “owner” submits a record change transaction, with the defined metadata a rule then defining whether or not that transaction is processed or rejected.
PADMANABHAN at 0662 (disclosing a “trigger rule” for a notification to be transmitted based on the rejection of a record change); PADMANABHAN at 0622 (“Additionally permissible are post execution metadata rules for all transactions. Such rules may be utilized to take some action after a transaction occurs on the blockchain, such as triggering a notification or issuing a confirmation to a transaction requestor . . . .”).
	The invention of PADMANABHAN, like NATION and the present application, discloses a system in communication with user client devices that maintains a blockchain storing metadata, where the metadata determines access to a confidential database system based on the permissions associated with the user.  Thus, the system of PADMANABHAN, like NATION, is analogous to the brokering platform of KALAVADE. 
	NATION discloses the subscriber identity providing confidential data to be stored in a database, and accessing that confidential data; KALAVADE discloses the brokering platform with mobile operator subscriber; and PADMANABHAN further discloses that a blockchain and database system, as in NATION, can allow a user device to access and modify their confidential data.  In view of this, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, that the system of NATION, where the user identity is that of a subscriber mobile operator in KALAVADE, could permit a subscriber to modify confidential data stored in the database, because NATION already discloses the user querying the stored data based on metadata permissions, as in PADMANABHAN, such that the system of NATION could allow the same permissioned users to modify the data, to a predictable result.
	Therefore claim 3 is rendered obvious by NATION, in view of KALAVADE, and in further view of PADMANABHAN.

	Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over NATION in view of KALAVADE, and in further view of H. Oh, S. Park, G. M. Lee, H. Heo and J. K. Choi, "Personal Data Trading Scheme for Data Brokers in IoT Data Marketplaces," in IEEE Access, vol. 7, pp. 40120-40132, 2019, doi: 10.1109/ACCESS.2019.2904248. (“OH”).

	Regarding claim(s) 5, NATION in view of KALAVADE disclose: The one or more non-transitory computer-readable media of claim 4, 
	However, the combination of NATION in view of KALAVADE does not explicitly disclose: 
	wherein the acts further comprise:
		receiving a payment from the computing device of the third-party entity for access to the set of subscriber data of the subscriber; and
		 providing, via the data broker platform, at least a portion of the payment to an account of the subscriber for the third-party access to the set of subscriber data.  
	OH discloses the above limitations of claim 5: 

    PNG
    media_image1.png
    408
    386
    media_image1.png
    Greyscale

HO at 40122-23, Fig. 1 (depicting a data broker model that provides subscriber data from “data provider” subscribers, to a data broker, where the data broker sells data to third party data consumers) (“This section describes a personal data trading model. We consider a IoT data market consisting of three groups that behave for their own benefits:  GP={ω1,⋯,ωN}, a group of candidates who may provide their own personal data; dB, a single data broker who processes personal data and provides it as a service;  GS={τ1,⋯,τM} a group of candidates who may subscribe a service from the data broker.”).
	The invention of OH, like NATION and KALAVADE, discloses a data broker platform purchases subscriber data from data providers, embodied as consumers with user devices, sells that information to third-party data consumers.  It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the system of NATION, with third party partner 106, could pay the central entity for access to the data provided by subscriber partner 104, as disclosed by OH, where the user identity is that of a subscriber mobile operator in KALAVADE, because the step of payment as performed by a device to an entity can be performed by applying a known technique to a known device (method, or product) ready for improvement to yield predictable results.
	Therefore claim 5 is rendered obvious by NATION, in view of KALAVADE, and in further view of OH.

	Regarding claim(s) 17, NATION discloses: The computer-implemented method of claim 16, further comprising 
	The combination of NATION in view of KALAVADE does not explicitly disclose:
sending at least a portion of the payment to an account of subscriber
	OH discloses:
		sending at least a portion of the payment to an account of subscriber.
HO at 40122-23, Fig. 1 (depicting a data broker model that provides subscriber data from “data provider” subscribers, to a data broker, where the data broker sells data to third party data consumers) (“This section describes a personal data trading model. We consider a IoT data market consisting of three groups that behave for their own benefits:  GP={ω1,⋯,ωN}, a group of candidates who may provide their own personal data; dB, a single data broker who processes personal data and provides it as a service;  GS={τ1,⋯,τM} a group of candidates who may subscribe a service from the data broker.”).
	Therefore claim 17 is rendered obvious by NATION in view of KALAVADE, and in further view of OH.


	Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over NATION in view of KALAVADE, in view of OH, and further in view of PADMANABHAN.

	Regarding claim(s) 6, NATION, in view of KALAVADE, and in further view of OH disclose: The one or more non-transitory computer-readable media of claim 5,
	NATION further discloses:
		wherein the providing includes encrypting the set of subscriber data into encrypted subscriber data and sending the encrypted subscriber data to the computing device of the third-party entity.  
[0073] At 614, confidential information can be accessed by the second entity using the updated access permissions. In an embodiment, database 114 can return confidential information requested from database 114 that has security attributes that correspond to the retrieved access permissions for the second identity.
NATION at 0073; NATION at 0075 (“For example, the confidential information can be stored in a database and keyed with varying security parameters (e.g., security classification level, title, project name, release, and the like)”); NATION at 0019 (“System 100 includes entity 102, partners 104 and 106, blockchain 108, blockchain copies 110 and 112, and database 114. In some embodiments, entity 102 can be an organization that has access to confidential information stored in database 114.”).
	NATION discloses data “keyed with varying security parameters.” 
	However, the combination of NATION in view of KALAVADE, and in further view of OH, does not explicitly disclose encrypting the set of subscriber data [and sending] encrypted data.
	PADMANABHAN discloses: 
		encrypting the set of . . .data into encrypted . . . data and sending the encrypted . . . data to the computing device . . . .  
[0336] FIG. 5B depicts another example architecture 502 for performing dynamic metadata validation of stored data in accordance with described embodiments. In this example architecture, the blockchain consensus manager 191 and the permissions manager 181 operate to support consensus on read and access control processes as further described in relation to FIGS. 10-12.. . .[0337] According to certain embodiments, it is desirable to improve the efficiency of data stored on the blockchain 399, and therefore, all new transactions having data to be written to the blockchain perform a data merge 569 process prior to writing the new data to the blockchain.. . .[0339] Protocol Buffers (referred to as a protobuf or protobuff) provide a means for serializing structured data, thus converting the retrieved data 566 and the new validated data 567 into a merged serialized byte stream at the protobuf generator 599. This has the added benefit of permitting encryption of the merged data and providing such data in a byte stream format which is easily usable by any other application later retrieving the stored data.
PADMANABHAN at 0336-39 (disclosing the metadata validation of stored data in a database that is  encrypted, and then transmitted in a “serialized byte stream,” as a part of a “data merge process” that is performed prior to writing new transactions onto the blockchain.).
	The invention of PADMANABHAN, like NATION and the present application, discloses a system in communication with user client devices that maintains a blockchain storing metadata, which is used to validate access to a confidential data store.  NATION discloses that providing includes keying the confidential subscriber data with security parameters, the set of subscriber data, keyed with security parameters, and sending the data keyed with security parameters to the computing device of the third-party entity.  It would obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention—that where NATION discloses confidential data that is validated by metadata and stored in a database, to be keyed by a security parameter, with the subscriber of KALAVADE, and data broker payment of OH—to modify the database of NATION to encrypt retrieved data, as in PADMANABHAN, because each of NATION and PADMANABHAN disclose databases validated by blockchain metadata and “keyed by security parameters,” could further include cryptographic keys, to a predictable result.
	Therefore claim 6 is rendered obvious by NATION, in view of KALAVADE, in view of OH, and in further view of PADMANABHAN.


	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over NATION in view of PADMANABHAN.

	Regarding claim 12, the combination of NATION in view of KALAVADE discloses: The computer-implemented method of claim 9, further comprising: 
	NATION further discloses:
12.1		receiving a request from a user device of a subscriber to perform an action with respect to the set of subscriber data of the subscriber, the action includes deleting or modifying the set of subscriber data;
NATION at 0040 (disclosing only receiving a request from a user device of a subscriber to perform an action with respect to a set of subscriber data of the subscriber where the action is querying the database for confidential data) (“Once an identity for user 302 is authenticated, the user can leverage services 304 to query database 306 for confidential information. In response, database 306 can validate user 302, for example based on the user's previous authentication.”); NATION at 0038 (disclosing Fig. 3 as applies to any user, whether partner 104 or third-party 106) (“User 302 can be a user of an organization that is part of a blockchain community (e.g., entity 102 of FIG. 1). Services 304 can include software services suitable to implement various embodiments including an identity management service, database query service, web service, and the like.”).
12.2		 retrieving one or more access policy settings for the set of subscriber data from the access configuration blockchain ledger;
NATION at 0048 (“Considering the retrieved security attributes or access permissions illustrated in FIG. 3, the authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 based on a correspondence between the access permissions for the identity of user 302 and the security attributes of the subset 404.”).
12.3		 in response to the one or more access policy settings permitting the action, performing the action with respect to the set of subscriber data;
NATION at 0048 (disclosing the performing in response to the permitting) (“[T]he authenticated and validated identity of user 302 is permitted to retrieve information keyed with the security attributes of subset 404 . . . .”); NATION at 0077 (“In some embodiments, when an identity requests access to the confidential information, the database can query the blockchain to retrieve the up-to-date access permissions for the requesting identity. These access permissions can then be used to retrieve corresponding confidential information from the database, thus ensuring that up-to-date and transparent access permissions are used to retrieve only the confidential information that the identity is permitted to access”).  Claim Interpretation: The recitation to access policy settings permitting, is descriptive of the access policy settings and does not positively recite performing permitting as a function.  Thus, the term permitting is interpreted as describing the access policy settings such that the settings indicate or allow permitting access to the recited user.
12.4		 and in response to the one or more access policy settings not permitting the action, sending a notification to the user device indicating that the action is not permitted.  
NATION at 0048 (disclosing the one or more access policy settings not permitting the action that “retrieved security attributes or access permissions” are required for “the validated identity of user 302 [to be] permitted to retrieve information”).
	However, the combination of NATION in view of KALAVADE does not explicitly disclose:
the action includes deleting or modifying the set of subscriber data
sending a notification to the user device indicating that the action is not permitted
	PADMANABHAN discloses:
12.1		receiving a request from a user device of a subscriber to perform an action with respect to the set of subscriber data of the subscriber, the action includes deleting or modifying the set of subscriber data;
[0128] According to the operations of another embodiment, the permissions defined by the metadata further include one or more of: permission for the founder org granted by the founder org to modify the metadata; permission for the founder org granted by the founder org to modify the data stored by the network org . . . and permission for the founder org granted by the founder org to declare new business rules common across all of the authorized network participants for the network org.
PADMANABHAN at 0128 (disclosing the founder org with user client device as having permission, based on the metadata stored in a blockchain, to modify data stored in a relational database system).
12.4		and in response to the one or more access policy settings not permitting the action, sending a notification to the user device indicating that the action is not permitted. 
[0662] According to yet additional embodiments, conditions specified via a metadata rule may further be limited according to whether a transaction on the blockchain is by an “owner” of a declared application or a “party” of a declared application (DApp). . . . Further still, such a rule could be utilized to trigger a notification when a “party” but not “owner” submits a record change transaction, with the defined metadata a rule then defining whether or not that transaction is processed or rejected.
PADMANABHAN at 0662 (disclosing a “trigger rule” for a notification to be transmitted based on the rejection of a record change); PADMANABHAN at 0622 (“Additionally permissible are post execution metadata rules for all transactions. Such rules may be utilized to take some action after a transaction occurs on the blockchain, such as triggering a notification or issuing a confirmation to a transaction requestor . . . .”).
	NATION discloses the subscriber identity providing confidential data to be stored in a database, and accessing that confidential data; PADMANABHAN further discloses that a blockchain and database system, as in NATION, can allow a user device to access and modify their confidential data.  In view of this, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, that the method implemented on the system of NATION, could permit a subscriber to modify confidential data stored in the database, because NATION already discloses the user querying the stored data based on metadata permissions, as in PADMANABHAN, such that the system of NATION could allow the same permissioned users to modify the data, to a predictable result.
	Therefore claim 12 is rendered obvious by NATION, in view of PADMANABHAN.

	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over NATION in view of OH.

	Regarding claim(s) 13, NATION discloses: The computer-implemented method of claim 9.  However, NATION does not disclose further comprising:
		receiving a payment from the computing device of the third-party entity for access to the set of subscriber data of the subscriber; and
		 providing at least a portion of the payment to an account of the subscriber for the access by the third-party to the set of subscriber data.
	OH discloses the above limitations of claim 13:

    PNG
    media_image1.png
    408
    386
    media_image1.png
    Greyscale

HO at 40122-23, Fig. 1 (depicting a data broker model that provides subscriber data from “data provider” subscribers, to a data broker, where the data broker sells data to third party data consumers) (“This section describes a personal data trading model. We consider a IoT data market consisting of three groups that behave for their own benefits:  GP={ω1,⋯,ωN}, a group of candidates who may provide their own personal data; dB, a single data broker who processes personal data and provides it as a service;  GS={τ1,⋯,τM} a group of candidates who may subscribe a service from the data broker.”).
	The invention of OH, like NATION, discloses a data broker platform purchases subscriber data from data providers, embodied as consumers with user devices, sells that information to third-party data consumers.  It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention that the system of NATION, with third party partner 106, could pay the central entity for access to the data provided by subscriber partner 104, as disclosed by OH, because the step of payment as performed by a device to an entity can be performed by applying a known technique to a known device (method, or product) ready for improvement to yield predictable results.
	Therefore claim 13 is rendered obvious by NATION in view of OH.

Relevant Prior Art Not Relied Upon
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
PUERTOLAS-MONTANES US 20140344015 A1 [0016] Therefore, it is a first objective of the present invention to provide an integrated system comprising means for enabling a consumer to control and monetize their personal data, both as it is generated by their activity and as it is stored in the memory of a computer device, which thereby improves the privacy of the individual consumer and of their data while simultaneously enabling said consumer to capitalize on the monetary value inherent in said personal data and on stored content. A principal method for sharing revenue with consumers who are users of the systems of the invention is via the distribution of revenue according to equity shares or cooperative schemes whereby the quality and quantity of activities of the individual consumers, and/or the characteristics of their subscriptions and services on the system, determine what value they receive in exchange for their decisions to monetize certain data. A variety of profit sharing, shareholding, and remuneration schemes are provided according to a schedule of terms that can be specified by an administrator of any Community of members (i.e., subscribing consumers) of any implementation of the invention. Mixed methods may be employed also, whereby some forms of content can be monetized on a per-use basis, others on a royalty basis, and others on an equity or dividend basis, and so on.
AHMED US 11144666 B2 (29) In some embodiments, the smart contract 306 provides authentication credentials to the third-party device 308 so that the third-party device may access the data location 304. In some embodiments, the data location 304 is in communication with the smart contract 306 and automatically provides access to the third-party device 308 when the user device 302 changes the access state with the smart contract 306. . . . (31) The smart contract 306, upon establishing communication with the third-party device 308, may communicate an indication to the user device 302 that access has been granted to the third-party device 308 (step 320). The communication 318 between the third-party device 308 and the data location 304 may exist until a condition terminating the access (stored as a state of the smart contract 306) is met, such as a time condition.
GRANT WO 2019072823 A1 [6:36] By using the measures proposed by aspects of the invention, it becomes possible to reliably share data, in the shape of messages and/or documents, asynchronously between nodes in a communication network. The encrypted data is stored in a high-performance database, and only the intended recipient is capable of decrypting its content. Data sharing is traceable as an immutable metadata store, preferably implemented by at least one blockchain, records any cryptographically signed data sharing transaction for further verification, proof of data possession or auditing by third parties - without providing access to the data itself, which only the intended recipient(s) has access to. The proposed solution is scalable as it does not have to rely on a single, ever growing blockchain. A plurality of blockchains may be used, for example one per offered sendee, as the transaction volume or shared data volume requires. The owner of shared data remains in control over which entity in the communication network has access to which part of the shared data.
LE JOUAN US 20160196451 A1 [0137] An example of what could be provided for a fee in a particular implementation includes a controlled data sharing server facilitating: stopping receipt of information from one or more entities; asking an entity to delete a profile (possibly excluding relationships for which the profile is required, such as banks, Internet providers, mobile operators, etc.), though the system will not necessarily be capable of enforcing deletion of a profile at an entity unless the entity consents; viewing the aggregate rate of reputation/appreciation based on community input; allowing one or more sites to track behavior for advertising or other in accordance with user preferences, and possibly including having the entity compensate the user for allowing them to track behavior; analyzing ecommerce email transactions with detail synthesis of purchases per week, month, year, type of product, brand, etc.; providing a household view of expenses including consolidation of emails under a family nickname if each member uses an email alias for ecommerce sites; allowing parents to obtain information on where their children have given personal data and what they have disclosed.
Non-Patent Literature
N. B. Truong, K. Sun, G. M. Lee and Y. Guo, "GDPR-Compliant Personal Data Management: A Blockchain-Based Solution," in IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1746-1761, 1750, 2020, doi: 10.1109/TIFS.2019.2948287.
    PNG
    media_image2.png
    523
    588
    media_image2.png
    Greyscale
2) High-Level System Architecture: A conceptual model of the proposed platform is illustrated in Fig. 2. The inclusive idea is that mechanisms which are related to GDPR compliance are ported to a BC network from a traditional centralised server. In particular, the Authorisation and Authentication, IdM and Access Control; and Logging and Provenance components are implemented in the form of SCs deployed in a BC network. If a BC framework offers Turing-completeness (e.g., Ethereum and Hyperledger Fabric), GDPR-related mechanisms can be conveyed by SCs. As depicted in Fig. 2, all activities on personal data are authenticated and authorised by the proposed BC platform (step 1 and 2). The BC, playing as a role of a delegated authentication and authorisation server, issues an access token as “proof of permission” showing that a party has been granted to access a particular dataset. An authorised SP receives the access token (step 2) and use it to request desired data from the RS (step 3). The RS interacts with the BC platform to validate the granted access (step 4 and 5) before returns the requested data (step 6). The validation ensures the granted access is still valid and honestly used by the corresponding authorised party.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFREY L LICITRA whose telephone number is (571)272-5340. The examiner can normally be reached 9:00AM-5:00PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

J.L.L.
Examiner
Art Unit 3685



/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685