DETAILED ACTION
Notice of Pre-AIA or AIA Status
This present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments with respect to the claims have been considered but are moot in view of the new ground(s) of rejection. On 11/3/25, Applicant amended the independent claims. Applicant’s Remarks address these new features. See the new 103 with the addition of Brown. Also, new dependents 21-24 are rejected with the 103 with the addition of Quinn.
Also, the 101 is still found to apply. No additional elements beyond the generic have been added to the claim. See the 101 below.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Based upon consideration of all of the relevant factors with respect to the claim as a whole, claims 1, 5, 7-11, 15, 17-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to a judicial exception without significantly more and is not integrated into a practical application. In particular, the rationale for finding is explained below:
Regarding claims 1, 5, 7-11, 15, 17-20 the claims are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
The Claims 1, 5, 7-11, 15, 17-20 are directed to a process and/or machine, however the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Claims 1, 5, 7-11, 15, 17-20 are directed to sending and receiving data to determine if data is, or is not, saleable and then potentially selling that data. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because based upon consideration of all of the relevant factors with respect to the claim as a whole, claims 1, 5, 7-11, 15, 17-20 are determined to be directed to an abstract idea by analyzing the individual elements and the combination as explained below:
Independent Claim 1, which is representative of Independent Claim 11, will be the basis of the following 101 analysis.
STEP 1: Representative claim 1 is directed toward a method, which is a statutory category of invention.
STEP 2a – Prong One: Per MPEP 2106, the claims must be determine if the contain an abstract idea.
Independent Claim 1, recites, in part, ingesting data, applying user data rights,a protocol check is compatible with user rights, a protocol check that passes, attaching rights, a first and a second request,
detecting a request for data in a computing system;, (additional element performing generic computer functionality of sending and receiving data, processing data and storing data, and/or electronic recordkeeping to perform the abstract idea), and
performing a protocol check on the data to identify user data rights associated with the requested data, wherein the data rights are stored in a regime engine, (additional element performing generic computer functionality of sending and receiving data, processing data and storing data, and/or electronic recordkeeping to perform the abstract idea), and
orchestrating the request for the data in accordance with the data rights; and (additional element performing generic computer functionality of sending and receiving data, processing data and storing data, and/or electronic recordkeeping to perform the abstract idea), and providing the data, attaching user data rights to the data;
enforcing the data rights when performing the request. (additional element performing generic computer functionality of sending and receiving data, processing data and storing data, and/or electronic recordkeeping to perform the abstract idea), and a metadata control plane and communicates with a data control plane that manages access ;
in response to a passing protocol check, intercepting, at the data control plane, a write or transfer operation for the requested data and embedding into a header field of the data a rights-descriptor structure generated, wherein the rights-descriptor structure comprises identifiers of applicable regimes and rights-enforcement values and modifies a data-object header to encode the user data rights as metadata for machine-level enforcement; wherein subsequent access to or transmission of the data is governed by the embedded rights-descriptor structure within the data control plane.
These limitations set forth a concept of sending and receiving data to determine if data is, or is not, saleable and then potentially selling that data. This concept falls within the methods of organizing human activity, commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations) grouping identified by MPEP 2106. As such, the claims are determined to recite an abstract idea.
Please note in addition to the above, the claims do not appear to have a computer of machine performing any significant step, therefore the steps are, by definition, organizing human activity.
STEP 2a – Prong Two: Per MPEP 2106, the additional elements of the claims
computer functions discussed above,
a computing system, a non-transitory storage medium, and
one or more hardware processors
must be considered for whether they integrate the abstract idea into a practical application. The additional elements are considered a datastore, a processor, computing system, a data management system, a regime engine. However, these are considered generic. The computer is recited at an extreme level of generality and is interpreted as a generic computing device, and its incorporation amounts to implementing the abstract idea on a computer. Per MPEP 2106, simply implementing an abstract idea on a generic computer is not a practical application of the abstract idea. Figure 6 and its related text and Paragraphs 0079-0086 of the specification (US Patent Application Publication No. 2023/0289409 A1 – hereinafter specification and/or disclosure) detail any combination of a generic computer system program to perform the method. Paragraph 0080 specifically details a generic computer where it mentions “Computer-executable instructions comprise, for example, instructions and data which, when executed, cause a general-purpose computer, …”.
There are also the additional elements of wherein the regime engine operates within, storage resources of the computing system, automatically. These are considered generic. The automatic has no steps for how. The machine level enforcement is not actually positively recited.
The claims recite other additional elements, however, these limitations simply generally link the use of the judicial exception to a particular technological environment. Per MPEP 2106, such a general linking does not constitute a practical application of the abstract idea. There are no further additional elements. Therefore, as the additional elements of the claims do not integrate the abstract idea into a practical application, the claims are determined to be directed to an abstract idea.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. (MPEP 2106.05(f) Mere Instructions To Apply An Exception).
STEP 2b: Per MPEP 2106, the additional elements of the claims must be considered against for whether they constitute significantly more than the abstract idea. As previously noted, the claims describe the additional element of a computer. However, implementing an abstract idea on a generic computer does not add significantly more, similar to how the recitation of the computer in the claim in Alice amounted to mere instructions to apply the abstract idea of intermediated settlement on a generic computer. As such, these elements do not provide an inventive concept and do not constitute significantly more. As previously noted, the claims recite the additional element of receiving information from a client executing on a device and transmitting information to a user via a client application. However, per MPEP 2106, receiving and transmitting data over a network is a well-known, routine, and conventional computer functionality (Symantec), and processing that data network is a well-known, routine, and conventional computer functionality (Versata Dev. Group, Inc. v. SAP Am), and storing data and electronic recordkeeping is a well-known, routine, and conventional computer functionality (Alice Corp).
As such, this limitation does not constitute significantly more either individually or with the above computing devices. There are no further additional elements. Therefore, when considered individually and as an ordered combination, the additional elements of the independent claims do not amount to significantly more than the judicial exception. Thus the independent claims are not patent eligible.
Dependent Claims 5, 7-10 and 15, 17-24 further describe the abstract idea, and do not set forth further additional elements. The use of cryptographic keys is considered generic as no technical details are given.
Conclusion: Accordingly, because the Applicant's claims reflect claims the Courts have determined to be abstract ideas, the Applicant’s claims likewise are directed to abstract ideas. Therefore, the claims either alone and/or as an ordered combination of elements are therefore not drawn to eligible subject matter as they are directed to an abstract idea. Therefore, as the dependent claims remain directed to an abstract idea and as the additional elements of the dependent claims do not constitute a practical application, the dependent claims or the claims as a whole are not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 5, 7-10, 11, 15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Coleman (20040139025) in view of Brown (20030061567).
Claims 1, 11: Coleman discloses a method, comprising (See at least the Abstract):
ingesting data of a user into a first datastore of a computing system in response to a first request from a user, the computing system comprising a processor (see [33] and note that the first user enters his information and ; note [43, 76] with total user control of what, whether and under what terms user data can be shared “[43]… There the owner can have complete control over the information, and decide what whether to allow any use to be made of it, and under what terms the use will be.”);
applying user data rights to the data of the user, wherein the user data rights are received from the user in the first request or default rights are applied, wherein the user data rights are stored in a structure in the first datastore, the structure corresponding to a protocol (the terms and consumer direction and control read on user data rights received from the user and also read on protocol: “[43]… There the owner can have complete control over the information, and decide what whether to allow any use to be made of it, and under what terms the use will be.”, “[70]… A second general function is to form a way in which the consumer can optionally participate in making abstracted portions of his/her profile available to marketers under terms dictated by the consumer, principally including the payment of money or other consideration to the consumer.”, “[75]… Preferably, this information is obtained, at the consumer's direction, in electronic form which iPool can transfer into the information trust. [0076] Information in the trust can be edited by the consumer as necessary, then maintained into compiled files 310 for each individual. Thereafter, the individual has control 150 over what use, if any, may be made of his/her file and information. An individual may choose to allow no access to or use of his/her data file. Other individuals may opt to make certain parts of their information available on a pooled, abstracted basis 320. The individual can determine how much information, i.e., whether abstracted profile information, or true identity is made available, to what type of advertiser or marketer, and for what consideration 152. Some individuals do not mind receiving certain types of advertisements for limited subject areas which are of interest to them, so long as they have control over such access, so long as it does not expose them to junk mailers and telemarketers, and as long as they receive compensation therefor.”);
detecting a second request for the data of the user in a computing system, from a requestor wherein the second request complies with the protocol ([43, 70, 75, 76] highlighted in the preceding citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations), wherein the computing system includes a data management system including a data catalog, data control, and data integration (note user requests their data at “[79]… Upon request of the consumer or automatically, the data is…”, for data catalog, control, integration see integrator at Fig. 10 and/or item 200, 300 of Fig. 1 ; see request the data based on law at [8]) that are configured to enforce the user data rights ([43, 70, 75, 76] highlighted in the preceding citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations);
performing a protocol check, by a regime engine of the data management system, on the data of the user based on the second request and the user data rights associated with the requested data, wherein the protocol check determines whether the request is compatible with the user data rights, denies the request when the protocol check fails and passes the request when the protocol check passes (see allow and conditions at [43, 44], see “[76]… An individual may choose to allow no access to or use of his/her data file. Other individuals may opt to make certain parts of their information available on a pooled, abstracted basis 320. The individual can determine how much information, i.e., whether abstracted profile information, or true identity is made available, to what type of advertiser or marketer, and for what consideration 152.”; note [43, 70, 75, 76] highlighted in the above citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations; also for regime engine see Fig. 1, item 200, 300;).
Coleman does not explicitly disclose wherein the regime engine operates within a metadata control plane and communicates with a data control plane that manages access to storage resources of the computing system; in response to a passing protocol check, automatically intercepting, at the data control plane, a write or transfer operation for the requested data and embedding into a header field of the data a rights-descriptor structure generated by the regime engine, wherein the rights-descriptor structure comprises identifiers of applicable regimes and rights-enforcement values and modifies a data-object header to encode the user data rights as metadata for machine-level enforcement; wherein subsequent access to or transmission of the data is automatically governed by the embedded rights-descriptor structure within the data control plane.
However, Coleman discloses using headers related to content access [42, 63, 68]. And, Brown further discloses using metadata and headers that are embedded with the file/data itself so that total control of access of the content is enacted (see metadata and access control at [119, 121, 124, 125, 127, 128], also see header and access rights at [130, 131], and see metadata and header and access rights at [138]). Therefore, it would have been obvious to one having ordinary skill in the art at the time the invention was made to add Brown’s using metadata and/or headers embedded with the secure data itself to control access rights to the data to Coleman’s data access rights and Coleman’s use of headers. One would have been motivated to do this in order to better control access rights to data.
Coleman further discloses when the protocol check passes, orchestrating the second request for the user data in accordance with the user data rights (note [43, 70, 75, 76] highlighted in the above citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations);
providing the data to the requestor in a manner that complies with the user data rights (see allow and conditions at [43, 44], see “[76]… An individual may choose to allow no access to or use of his/her data file. Other individuals may opt to make certain parts of their information available on a pooled, abstracted basis 320. The individual can determine how much information, i.e., whether abstracted profile information, or true identity is made available, to what type of advertiser or marketer, and for what consideration 152.”; note [43, 70, 75, 76] highlighted in the above citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations).
Coleman further discloses enforcing the user data rights when performing the second request (see allow and conditions at [43, 44], see “[76]… An individual may choose to allow no access to or use of his/her data file. Other individuals may opt to make certain parts of their information available on a pooled, abstracted basis 320. The individual can determine how much information, i.e., whether abstracted profile information, or true identity is made available, to what type of advertiser or marketer, and for what consideration 152.”; note [43, 70, 75, 76] highlighted in the above citation show that advertisers can request user data but only receive it if they are a preferred advertiser or compensate the user as dictated by the user in their protocol/terms/control designations).
Also, in further regards to claim 11, Coleman discloses the medium form of the claim above ([135] and also Internet and database and site at [56]).
Claim 5, 15:
Coleman discloses wherein the first request includes opting in to selling the data and setting a price (see consideration, compensation, free and “under terms dictated by the consumer” at [70]).
Claims 7, 17: Coleman further discloses the method of claim 1, further comprising selling the data in an online marketplace ([5, 6-9, 20, 23, 27]).
Claims 8, 18. Coleman further discloses the method of claim 7, further comprising providing the user with details of any sale of the data to the requestor (see viewer financial accounts to accept payment at [99]).
Claims 9, 19. Coleman further discloses the method of claim 8, further comprising receiving a third request, wherein the third request is to determine if the second request was completed in the regime engine (Fig. 7, 8, 9, 12 show the consumer control as first request, the advertiser requesting the info as second request, and the consideration/compensation going as payment for completing the 2nd request, so the request for payment/consideration for actually completing the 2nd request is considered as a third request).
Claim 10, 20:
Coleman discloses wherein the first request specifies a regime field that identifies a regime, an exercise field that identifies rights being exercised and corresponding values, and a relationships field (in at least paragraphs 0029-0033 where details for data access are supplied by the user; also see consideration, compensation, free and “under terms dictated by the consumer” at [70]).
Claims 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Coleman (20040139025) in view of Brown (20030061567) in view of Quinn (20170063551).
Claim 23, 21. Coleman does not explicitly disclose the method of claim 1, wherein embedding the rights-descriptor structure comprises inserting a digitally signed rights-descriptor into the header field of the data object, the signature being generated by a cryptographic key pair associated with the computing system to prevent unauthorized modification of the user data rights. However, Coleman discloses secure data rights and secure database (claims 1, 2). And, Quinn discloses any data store [87] and personal data like medical data [53, 54] and selective user access levels and header information for access control list [110] and using metadata with the file to authenticate the file [115, 119] and also using encryption keys [24], digital signatures [35, 29] and private keys and signatures [36]. Therefore, it would have been obvious to one having ordinary skill in the art at the time the invention was made to add Quinn’s use of keys and encryption and signatures to Coleman’s secure data rights and secure database. One would have been motivated to do this in order to better provide secure data rights and secure data.
Claim 24, 22. Coleman does not explicitly disclose the method of claim 1, wherein the regime engine records an immutable audit entry in the regime datastore for each protocol check and corresponding enforcement event. However, Coleman discloses secure data rights and secure database (claims 1, 2). And, Quinn discloses any data store [87] and personal data like medical data [53, 54] and selective user access levels and header information for access control list [110] and using metadata with the file to authenticate the file [115, 119] and also using encryption keys [24], digital signatures [35, 29] and private keys and signatures [36] and also signatures and access logs and audit trails [29, 37, 107]. Therefore, it would have been obvious to one having ordinary skill in the art at the time the invention was made to add Quinn’s use of signatures and access logs and audit trails to Coleman’s secure data rights and secure database. One would have been motivated to do this in order to better provide secure data rights and secure data.
Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
a) Delsman and Kaler disclose access control.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARTHUR DURAN whose telephone number is (571)272-6718. The examiner can normally be reached Mon-Thurs, 7-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ilana Spar can be reached at (571) 270-7537. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ARTHUR DURAN/Primary Examiner, Art Unit 3621 11/13/25