DETAILED ACTION
Acknowledgements
This Office Action is in response to Applicant’s correspondence filed on 7/28/22.
The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Status of Claims
Claims 1-24, 26-27 are currently pending.
Claims 1-5 are withdrawn.
Claims 6-24, 26-27 are rejected as set forth below.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/28/22 has been entered.
 
	Response to Arguments	
Claim Rejections - 35 U.S.C. § 103
Applicant' s arguments with respect to claim(s) 6-24, 26-27 have been fully considered but are not persuasive. The rejection (and corresponding rejections to its dependent claims, if applicable) is maintained.
Applicant contends Michaels fails to teach or suggest a user submitting a secret exchange key and the user’s address. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Specifically, Domokos teaches a user interacting with a provider application that generates user data ([0087]). Michaels teaches wherein the provider creates a secret exchange key, and makes the secret exchange key available for an entity; wherein the system executes an authenticated request for the secret exchange key; wherein the entity submits the secret exchange key and the entity's public address; wherein the provider validates the secret exchange key; (col 8 lines 47-51; Fig 4, col 9 lines 45-51). One of ordinary skill in the art would have recognized that applying the known technique of Michaels to the known invention of Domokos would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to allow an entity, such as a user of said user data, to use a secret exchange key for validating purposes results in an improved invention because applying said technique ensures that only authorized entities have access to the data, thus improving the overall security of the invention.
Applicant contends Ben-Ari fails to teach or suggest “wherein the system permits the user to unpublish the user data and make the user data unavailable for future access by another entity”. The Examiner respectfully disagrees. Ben-Ari teaches implementing the right to be forgotten by removing the ability to decrypt and access user data by destroying an intermediary private key used for decrypting the user data ([0102]-[0103], “There are situations where a user wishes to have their data removed from storage systems. Blockchain smart contracts maintain historical state indefinitely, and are therefore able to provide a capability for physically removing historical user data. The solution for implementing the Right to be Forgotten in a blockchain smart contract is for data to be encrypted and decrypted by the sender using an additional intermediary public key. When data is shared with other users, those user's ability to decrypt the data must be dependent on the intermediary private key that is hidden from them off-chain and is controlled only by the user sharing their data. An off-chain service will be provided by the sender to decrypt the data using the intermediary private key. When they wish to be forgotten, they simply disable the off-chain decryption service and destroy the intermediary private key.”)


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 6-24, 26-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 2019/0228461 to Domokos in view of United States Patent No. 8,566,952 to Michaels and United States Patent Application Publication No. 20180343114 to Ben-Ari.
As per claims 6, 22, Domokos teaches:
at least one computer processer; a provider; a public database; a provider private database; (Fig 1, [0038] – [0041])
a user wherein the user interacts with a provider application that generates user data, wherein the provider stores a record of the interaction; ([0087], “In one embodiment, a consumer 160 is incentivized to allow the omnichannel commerce platform 100 to collect data regarding the consumer (e.g., via a mobile phone or other data processing system used by the consumer) by paying such consumer using a cryptocurrency and/or a cryptographic token. Such data that may be collected in exchange for cryptocurrency and/or cryptographic tokens may include consumer behavioral data, information about the consumer's shopping preferences information about the consumer's shopping transactions, information about the consumer's payment methods, information about the consumer's usage of loyalty points, information about the consumer's usage of digital offers, information about the consumer's usage of discounts, information about the consumer's usage of smart contracts, information about the consumer's usage of cryptocurrencies, information about the consumer's usage of classic currencies, information about the consumer's usage of cryptographic tokens, information about the consumer's responses to various graphical user interface aspects of a data processing system (e.g., which buttons or colors presented to the consumer via a mobile app or web browser tend to trigger certain consumer actions), information about the consumer's trips, information about the consumer's job or professional activities, information about the consumer's communication patterns (including phone, text, chat, or verbal communications), information about the consumer's mode of transportation, information about the consumer's connections, friends and relatives, information about the consumer's travel patterns, information about the consumer's web surfing activities, information about the consumer's mobile app usage activities, and so on.”)
wherein the provider finds at least one data contract that can accept the user data; ([0087], “In various embodiments, a consumer's account may be credited with cryptocurrency units and/or cryptographic tokens when commerce data relating to that consumer is collected from the consumer or from a third party, when a purchase transaction involving that consumer is completed, at a later predetermined or random time, at regular intervals, in response to smart contracts or other rules, when data relating to that consumer is monetized (e.g., when another entity purchases commerce data, data analytics or KPIs that include that consumer's data), and/or at other times.”)
Domokos does not explicitly teach, but Michaels teaches:
wherein the provider creates a secret exchange key, and makes the secret exchange key available for an entity; wherein the system executes an authenticated request for the secret exchange key; wherein the entity submits the secret exchange key and the entity's public address; wherein the provider validates the secret exchange key; (col 8 lines 47-51, “Master key manager 416 receives or generates, for example, when requested by a sufficiently authenticated (using conventional authentication techniques) system administrator, master keys as described above and stores the master keys it receives or generates into key and counter storage 412.”; Fig 4, col 9 lines 45-51, “At any time, a request for data, including a permission object generated as described above (including logging the request by the third party or parties) may be received as described above. When such a request is received, communication interface 448 forwards the request and the source IP address, source port and optionally the protocol to request manager 430.”, The requestor 500 is equivalent to the entity.; col 10 lines 59-63, “In one embodiment, an identifier of the master key is included as part of the request, and request manager 430 provides the identifier of the master key to master key identification manager 440, which attempts to validate only the identified master key as described above.”)
wherein the provider encrypts the data. (col 1 line 63 – col 2 line 5)
One of ordinary skill in the art would have recognized that applying the known technique of Michaels to the known invention of Domokos would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to allow an entity, such as a user of said user data, to use a secret exchange key for validation purposes results in an improved invention because applying said technique ensures that only authorized entities have access to the data, thus improving the overall security of the invention.
Domokos as modified does not explicitly teach, but Ben-Ari teaches:
wherein, upon validating the secret exchange key, authorizing an action; ([0089], “Individual users will create their own (off-node) private key on their own personal device (for example: on their mobile phone). The user private key will be used to cryptographically sign the data sent from the user device. The smart contract will be able to validate that the data provided was signed with the user private key by verifying the signature in the data that was sent to the smart contract (this can be achieved by called a signature verification function inside the smart contract code, in the Ethereum Solidity smart contract programming language, for example, this possible using the ecverify function). In this way, another party or user can independently check that the data was indeed provided by the user, even though the user did not directly sign the blockchain transaction.”)
wherein the system permits the user to unpublish the user data and make the user data unavailable for future access by another entity; ([0102]-[0103], “There are situations where a user wishes to have their data removed from storage systems. Blockchain smart contracts maintain historical state indefinitely, and are therefore able to provide a capability for physically removing historical user data. The solution for implementing the Right to be Forgotten in a blockchain smart contract is for data to be encrypted and decrypted by the sender using an additional intermediary public key. When data is shared with other users, those user's ability to decrypt the data must be dependent on the intermediary private key that is hidden from them off-chain and is controlled only by the user sharing their data. An off-chain service will be provided by the sender to decrypt the data using the intermediary private key. When they wish to be forgotten, they simply disable the off-chain decryption service and destroy the intermediary private key.”)
One of ordinary skill in the art would have recognized that applying the known technique of Ben-Ari to the known invention of Domokos as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to authorize an action, such as finding a data contract that can accept user data, upon validating an exchange key results in an improved invention because applying said technique ensures that the data was indeed provided by the user with the exchange, thus confirming the user identity and improving the overall security of the invention (Ben-Ari, [0089]).
One of ordinary skill in the art would have recognized that applying the known technique of Ben-Ari to the known invention of Domokos as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to permit the user to unpublish the user data to make the user data unavailable for future access, such as a future purchase, by another entity, such as a purchaser, results in an improved invention because applying said technique ensures that the user has the right to remove their data for privacy purposes, thus improving the overall security of the invention (Ben-Ari, [0103]).

As per claim 7, Michaels teaches:
wherein the data is encrypted with a master wallet. (col 1 line 63 – col 2 line 5)
As per claim 8, Domokos teaches:
comprising a user wallet created by the provider platform. ([0087])
As per claim 9, Domokos teaches:
wherein the user wallet has a user wallet data token balance. ([0087])
As per claim 10, Michaels teaches:
a provider application programming interface, wherein application programming interface executes the authenticated request for the exchange key. (col 8 lines 33-46)
As per claim 11, Michaels teaches:
a hash function. (col 5 lines 24-36, “In one embodiment, to validate a signature, the permission object (except for the signature or signatures) is hashed using a same conventional cryptographic hash function that was used to produce the signature or signatures, and using the selected permission granting key.”
As per claim 12, Michaels teaches:
a public unauthenticated application programming interface, wherein the public unauthenticated application programming interface accepts the submitted exchange key. (col 10 lines 59-63)
As per claim 13, Domokos teaches:
comprising selling the user data to a purchaser. ([0087])
As per claim 14, Domokos teaches:
wherein the purchaser is permitted to view all data available for sale on the master data contract. ([0087])
As per claim 15, Domokos teaches:
wherein the purchaser funds a master data contract with data tokens wherein the data tokens. ([0087])
As per claim 16, Domokos teaches:
wherein the purchaser calls a purchase function on a master data contract using a purchaser interface. ([0087])
As per claim 17, Domokos teaches:
wherein the purchaser user interface is an application. ([0112], “The exemplary data processing system 200 may include one or more logic modules 220 and/or 221, also denoted data processing modules, or modules. Each logic module 220 and/or 221 may consist of (a) any software application.”) 
As per claim 18, Michaels teaches:
an exchange key retrieval operation wherein the exchange key retrieval operation comprises: mapping the exchange key to a data address; and wherein the provider recreates the decryption key. (col 11 lines 5-22, “If it receives from master key identification manager 440 a session key and master key identifier, request manager 430 provides the specification from the request and the decrypted session key it received to decryption manager 444, which decrypts the data corresponding to the specification in data, fingerprint and session key storage 452 using the decrypted session key, and provides the data to request manager 430. Request manager 430 uses the IP address and port and protocol to build a response containing the decrypted data, and provides it to the device that sent the request via input/output 450 of communication interface 448. If desired, the decrypted data may be encrypted by request manager using the public key of a public key pair for which the recipient has the private key, and in such embodiment, the encrypted data is sent as part of the response instead of the decrypted data. The public key may be sent as part of the request by the requestor. In one embodiment, each request contains an identifier of the request, and the identifier is included with the response.”)
As per claim 19, Michaels teaches:
wherein the provider returns the decryption key to the purchaser. (col 11 lines 5-22)
As per claim 20, Michaels teaches:
decrypted user data, wherein the purchaser uses the decryption key to decrypt the user data at the data address. (col 11 lines 5-22)
As per claim 21, Domokos teaches:
permitting a user to post additional information including but not limited to pictures, SKU information and geographic location. ([0087])
Furthermore, Applicant attempts to further limit the method by describing characteristics of the additional information. However, this is representative of non-functional descriptive material as characteristics of the additional information does not result in a functional relationship with the method and therefore cannot be used to differentiate Applicant's invention from the prior art invention. See MPEP 2111.05; In re Gulack, 217 USPQ 401 (Fed. Cir. 1983) (“When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from the prior art in terms of patentability.”). Specifically, the step of permitting a user to post additional information is carried out the same way regardless of the type of information being posted: there is no evidence the characteristics of the additional information changes the efficiency or the accuracy or any other characteristic of the permitting of the posting of information. See Ex Parte Nehls, 88 USPQ2d 1883 (BPAI 2008) (“Here, the descriptive material (SEQ ID NOs) recited in the claims is not functional material like the data structures in Lowry. There is no evidence that SEQ ID NOs 9-1008 functionally affect the process of comparing a target sequence to a database by changing the efficiency or accuracy or any other characteristic of the comparison. Rather, the SEQ ID NOs are merely information being manipulated by a computer; the SEQ ID NOs are inputs used by a computer program that calculates the degree of similarity between a target sequence and each of the sequences in a database. The specific SEQ ID NOs recited in the claims do not affect how the method of the prior art is performed – the method is carried out the same way regardless of which specific sequences are included in the database (emphasis added).”)
As per claim 23, Ben-Ari teaches:
wherein, upon receiving, from the provider, the at least one data contract that can accept the user data, the user submits a proof grant to a data contract of the at least one data contract to the provider; ([0045] – [0058], “The use case is related to party A initiating a transaction (initiator A) to a recipient B, a smart contract including private data 1 and public data 2, e.g. in Known Your Customer (KYC) transactions, it may include customer attributes such as customer name which represents a public data item and customer address and bank account which represent private data items. The following steps are performed: 1. Generation of the smart control by initiator A (1.02): 1.1 Initiator A randomly generates a new shared secret (SH1), encrypts the shared secret using the public key of recipient B and stores the result in the smart contract. 1.2 Initiator A encrypts data 1 using SH1 and stores the result in a smart contract. 1.3 Initiator A sends the transaction. 2. Synchronization (1.04) Blockchain transactions are transmitted to all blockchain network participants and agreed using the blockchain consensus mechanism.”)
As per claim 24, Ben-Ari teaches:
wherein the provider makes the user data available upon receipt of the user's submission of the proof grant; ([0045] – [0058])
Domokos teaches:
wherein the provider makes the user data available for purchase; ([0087])
As per claim 26, Ben-Ari teaches:
permitting the user to delete the user data from the at least one data contract; ([0102])
One of ordinary skill in the art would have recognized that applying the known technique of Ben-Ari to the known invention of Domokos as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such cryptography features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to permit the user to unpublish the user data results in an improved invention because applying said technique ensures that the user has the right to remove their data for privacy purposes, thus improving the overall security of the invention.
As per claim 27, Ben-Ari teaches:
permitting the user to unpublish the data address; ([0102])

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
United States Patent Application Publication No. 20120106735 to Fukuda discloses an invention is directed to an encryption key distribution system used for computer communication, the encryption key distribution system being configured to distribute a session key used in communication between nodes from an authentication server to each node.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY HUANG whose telephone number is (408)918-9799.  The examiner can normally be reached on 9:00a - 5:30p PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anita Coupe can be reached on (571) 270-3614.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JAY HUANG/Primary Examiner, Art Unit 3685