Systems and Methods for Managing Access to Confidential Data

§103 §112

DETAILED ACTION This Office Action has been issued in response to Applicant's Amendment filed March 12, 2026. Claims 1, 10, and 16 have been amended. Claims 1-20 have been examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed March 12, 2026 have been fully considered but they are not persuasive. Applicant argues the references do not disclose generating a recommendation of an adjustment to a data setting regarding access to portions of confidential data for all stakeholders based upon a security concern. Paragraph [0062] of Pierce discloses the recommendations associated with determining whether behavior is indicative of malicious activity may include a recommendation to revoke the privileges of one or more individuals to access resources, a recommendation to notify a supervisor of one or more individuals, or the like. The actions associated with determining whether behavior is indicative of malicious activity may include, for example, causing privileges of one or more individuals to access resources to be revoked, transmitting a notification to a supervisor, or the like. The claims do not currently require multiple stakeholders. Adjusting a single individuals privileges can be adjusting the privileges of all stake holders. Furthermore, Pierce discloses “revoke the privileges of one or more individuals to access resources.” Where revoking more individuals includes all individuals. Claim Rejections - 35 USC § 112 Claims 1-20 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claims recite “generating, via the one or more processors, a recommendation of an adjustment to a data setting regarding permission to access portions of the specific confidential data for all stakeholders based upon the at least one security concern.” Examiner was unable to find support for recommending an adjustment for all stakeholders. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2023/0108366 to Tang et al. (hereinafter “Tang”) and further in view of US Pub. No. 2024/0013200 to Singh et al. (hereinafter “Singh”) and further in view of US Pub. No. 2023/0412604 to Pierce (hereinafter “Pierce”). As to Claim 1, Tang discloses a computer-implemented method for using non-fungible tokens (NFTs) to limit access to confidential data, the method comprising: obtaining, via one or more processors, identification information of confidential data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents); packaging, via the one or more processors, an NFT on a distributed ledger, the NFT representing ownership of the confidential data and including the identification information of the confidential data (Paragraph [0006] of Tang discloses executes a mint function to create the single NFT on a blockchain, the single NFT including a link to the generated data file. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); receiving, via the one or more processors, an indication providing access to at least one specific stakeholder for specific confidential data within the confidential data (Paragraph [0051] of Tang discloses a third party host computer system 207 to request access to an encrypted document. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); and curating, via the one or more processors, availability of the specific confidential data to the at least one specific stakeholder in response to receiving the indication providing availability of the specific confidential data, wherein the availability of the confidential data to the at least one specific stakeholder includes one or more conditional requirements (Paragraph [0062] of Tang discloses this check may determine whether the request was made by a user who has logged in, via the user module 612, and therefore provided the correct user authentication data. Additionally, this check may also determine whether the correct authentication data is supplied in order to decrypt the encrypted documents and provide the user device with the decrypted documents. Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) receiving, via the one or more processors, an indication that at least one security concern exists with respect to the confidential data (Paragraph [0065] of Tang discloses if step 670K is unable to verify that the hash of the decrypted key matches the key_hash that is stored in the NFT cache, then an error is returned to the user device 602), wherein receiving the indication that at least one security concern exists includes at least: [analyzing the confidential data using a cognitive computing algorithm determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm] and the one or more conditional requirements (Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) [generating, via the one or more processors, a recommendation of an adjustment to a data setting regarding permission to access portions of the specific confidential data for all stakeholders based upon the at least one security concern]. Tang does not explicitly disclose analyzing the confidential data using a cognitive computing algorithm and determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm. However, Singh discloses this. Paragraph [0011] of Singh discloses continuously monitor the digital identity of the user during one or more instances of access of the user. Paragraph [0012] of Singh discloses determine that the one or more attributes of the digital identity of the user during the one or more instances of access does not match the information associated with the digital identity of the user recorded in the NFT. Paragraph [0071] of Singh discloses the system may be configured to use the various instances of actions to determine whether the overall behavior of the user is within the limits of acceptable deviation. In this regard, the system may be configured to employ machine learning techniques to predict a future instance of action of the user based on the various instances of access. If the predicted future instance of action is within the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally acceptable. On the other hand, if the predicted future instance of action is outside the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally anomalous, and the issue is escalated to the administrator of the first virtual environment. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the NFT system as disclosed by Tang, with monitor using machine learning as disclosed by Singh. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device. Tang and Singh are directed toward NFT systems and as such it would be obvious to use the techniques of one in the other. Paragraph [0047] of Tang discloses various embodiments of the system 120 may include intelligence and automation functionalities that perform machine learning and artificial intelligence tasks to train machine learned models, make classifications and predictions, recommend products to users, etc. Various embodiments may incorporate analytics reporting to facilitate improvements to the system 120. Tang does not explicitly disclose generating, via the one or more processors, a recommendation of an adjustment to a data setting relating to the availability of the specific confidential data based upon the at least one security concern. However, Pierce discloses this. Paragraph [0062] of Pierce discloses the recommendations associated with determining whether behavior is indicative of malicious activity may include a recommendation to revoke the privileges of one or more individuals to access resources, a recommendation to notify a supervisor of one or more individuals, or the like. The actions associated with determining whether behavior is indicative of malicious activity may include, for example, causing privileges of one or more individuals to access resources to be revoked, transmitting a notification to a supervisor, or the like. Paragraph [0026] of Pierce. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the permission system as disclosed by Tang, with recommending adjustments as disclosed by Pierce. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Tang and Pierce are directed toward permission systems and as such it would be obvious to use the techniques of one in the other. Pierce discloses that recommending permission adjustment and taking actions of permission adjustments are known alternatives of each other. As to Claim 2, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, wherein the confidential data is representative of at least one of: business confidential data, consumer confidential data, a document, a diagram, an image, a video, digital data, anonymized data, underwriting and claims data, personal data, behavioral data, routine data, a contract, a deed, a record, a certificate, smart device data, smart home data, smart car data, sensor data, financial data, tax data, or transaction data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents). As to Claim 3, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, further comprising receiving, via the one or more processors, an indication that the stakeholder has completed a two-factor authentication process; and wherein curating availability of the specific confidential data occurs in response to receiving the indication that the stakeholder has completed the two-factor authentication process (Paragraph [0062] of Tang discloses this check may determine whether the request was made by a user who has logged in, via the user module 612, and therefore provided the correct user authentication data. Paragraph [0069] of Singh discloses the system may be configured to execute a multi-factor authentication (MFA) for identity verification). Examiner recites the same rationale to combine used for claim 1. As to Claim 4, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, wherein curating availability of the specific confidential data occurs in response to receiving an indication that the at least one stakeholder has requested the specific confidential data (Paragraph [0051] of Tang discloses a third party host computer system 207 to request access to an encrypted document). As to Claim 5, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, further comprising: receiving, via the one or more processors, an indication that the at least one stakeholder has accessed the specific confidential data (Paragraph [0062] of Tang discloses provide the user device with the decrypted documents). As to Claim 6, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, further comprising: monitoring, via the one or more processors, interaction of the at least one specific stakeholder with the specific confidential data (Paragraph [0011] of Singh discloses continuously monitor the digital identity of the user during one or more instances of access of the user). Examiner recites the same rationale to combine used for claim 1. As to Claim 7, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, further comprising: implementing, via the one or more processors, a cognitive computing-based scan for available customer data, the cognitive computing-based scan using the cognitive computing algorithm and configured to generate a user alert indicating usage of the available customer data (Paragraph [0071] of Singh discloses the system may be configured to use the various instances of actions to determine whether the overall behavior of the user is within the limits of acceptable deviation. In this regard, the system may be configured to employ machine learning techniques to predict a future instance of action of the user based on the various instances of access. If the predicted future instance of action is within the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally acceptable. On the other hand, if the predicted future instance of action is outside the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally anomalous, and the issue is escalated to the administrator of the first virtual environment). Examiner recites the same rationale to combine used for claim 1. As to Claim 8, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, wherein the analysis by the cognitive computing algorithm further comprises: importing automatically, via the one or more processors, the analysis by the cognitive algorithm into a confidential data management system (Paragraph [0071] of Singh discloses the system may be configured to use the various instances of actions to determine whether the overall behavior of the user is within the limits of acceptable deviation. In this regard, the system may be configured to employ machine learning techniques to predict a future instance of action of the user based on the various instances of access. If the predicted future instance of action is within the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally acceptable. On the other hand, if the predicted future instance of action is outside the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally anomalous, and the issue is escalated to the administrator of the first virtual environment). Examiner recites the same rationale to combine used for claim 1. As to Claim 9, Tang-Singh-Pierce discloses the computer-implemented method of claim 1, wherein availability of the specific confidential data is denied in response to receiving the indication that the at least one security concern exists (Paragraph [0012] of Singh discloses determine that the one or more attributes of the digital identity of the user during the one or more instances of access does not match the information associated with the digital identity of the user recorded in the NFT; in response, revoke the continued authorization for the user to access the first virtual environment). Examiner recites the same rationale to combine used for claim 1. As to Claim 10, Tang discloses a computer system for using non-fungible tokens (NFTs) to limit access to confidential data, the computer system comprising one or more local or remote processors, transceivers, and/or sensors configured to: obtain identification information of confidential data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents); mint an NFT on a distributed ledger, the NFT representing ownership of the confidential data and including the identification information of the confidential data (Paragraph [0006] of Tang discloses executes a mint function to create the single NFT on a blockchain, the single NFT including a link to the generated data file. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); receive an indication providing access to at least one specific stakeholder for specific confidential data within the confidential data (Paragraph [0051] of Tang discloses a third party host computer system 207 to request access to an encrypted document. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); and curate availability of the specific confidential data to at least one specific stakeholder in response to receiving the indication providing availability of the specific confidential data, wherein the availability of the confidential data to the at least one specific stakeholder includes one or more conditional requirements (Paragraph [0062] of Tang discloses this check may determine whether the request was made by a user who has logged in, via the user module 612, and therefore provided the correct user authentication data. Additionally, this check may also determine whether the correct authentication data is supplied in order to decrypt the encrypted documents and provide the user device with the decrypted documents. Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) receive an indication that at least one security concern exists with respect to the confidential data (Paragraph [0065] of Tang discloses if step 670K is unable to verify that the hash of the decrypted key matches the key_hash that is stored in the NFT cache, then an error is returned to the user device 602), wherein receiving the indication that at least one security concern exists includes at least: [analyzing the confidential data using a cognitive computing algorithm determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm] and the one or more conditional requirements (Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) [generate a recommendation of an adjustment to a data setting regarding permission to access portions of the specific confidential data for all stakeholders based upon the at least one security concern]. Tang does not explicitly disclose analyzing the confidential data using a cognitive computing algorithm and determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm. However, Singh discloses this. Paragraph [0011] of Singh discloses continuously monitor the digital identity of the user during one or more instances of access of the user. Paragraph [0012] of Singh discloses determine that the one or more attributes of the digital identity of the user during the one or more instances of access does not match the information associated with the digital identity of the user recorded in the NFT. Paragraph [0071] of Singh discloses the system may be configured to use the various instances of actions to determine whether the overall behavior of the user is within the limits of acceptable deviation. In this regard, the system may be configured to employ machine learning techniques to predict a future instance of action of the user based on the various instances of access. If the predicted future instance of action is within the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally acceptable. On the other hand, if the predicted future instance of action is outside the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally anomalous, and the issue is escalated to the administrator of the first virtual environment. Examiner recites the same rationale to combine used for claim 1. Tang does not explicitly disclose generate a recommendation of an adjustment to a data setting relating to the availability of the specific confidential data based upon the at least one security concern. However, Pierce discloses this. Paragraph [0062] of Pierce discloses the recommendations associated with determining whether behavior is indicative of malicious activity may include a recommendation to revoke the privileges of one or more individuals to access resources, a recommendation to notify a supervisor of one or more individuals, or the like. The actions associated with determining whether behavior is indicative of malicious activity may include, for example, causing privileges of one or more individuals to access resources to be revoked, transmitting a notification to a supervisor, or the like. Paragraph [0026] of Pierce Examiner recites the same rationale to combine used for claim 1. As to Claim 11, Tang-Singh-Pierce discloses the computer system of claim 10, wherein the confidential data is representative of at least one of: a document, a diagram, an image, a video, digital data, materials that are read, materials that are viewed, materials that are clicked, materials that are watched, materials that are used, interaction data, personal data, behavioral data, routine data, a contract, a deed, a record, a certificate, smart device data, smart home data, smart car data, sensor data, financial data, tax data, or transaction data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents). As to Claim 12, Tang-Singh-Pierce discloses the computer system of claim 10, wherein the one or more local or remote processors, transceivers, and/or sensors are further configured to: receive an indication that a title holder of the confidential data has completed a two-factor authentication process; and mint the NFT in response to receiving the indication that the title holder of the confidential data has completed the two-factor authentication process (Paragraph [0036] of Tang discloses a login module accepts the login request from the user, matching the supplied credentials with those stored by the user module. The user module also manages the establishment of a user's digital wallets, which are accessed by the NFT management module to mint new portfolio NFTs which are deposited in the user's wallet. The digital wallets may, according to one embodiment, ask the user to confirm and approve of a minting transaction. Paragraph [0069] of Singh discloses the system may be configured to execute a multi-factor authentication (MFA) for identity verification). Examiner recites the same rationale to combine used for claim 1. As to Claim 13, Tang-Singh-Pierce discloses the computer system of claim 10, wherein the one or more local or remote processors, transceivers, and/or sensors are further configured to execute a smart contract to cause transferring the NFT to a receiving party to indicate that the receiving party possesses the confidential data (Paragraph [0030] of Tang discloses smart contracts are used in the transfer of property rights or assets including, for example, digital assets such as NFT). As to Claim 14, Tang-Singh-Pierce discloses the computer system of claim 10, wherein the one or more local or remote processors, transceivers, and/or sensors are further configured to: receive a request to interact with the confidential data (Paragraph [0051] of Tang discloses a third party host computer system 207 to request access to an encrypted document). As to Claim 15, Tang-Singh-Pierce discloses the computer system of claim 10, wherein the one or more local or remote processors, transceivers, and/or sensors are further configured to: generate a confidential data interaction alert based upon an attempted interaction with the confidential data (Paragraph [0062] of Tang discloses provide the user device with the decrypted documents. Paragraph [0070] of Singh discloses notify an administrator device). Examiner recites the same rationale to combine used for claim 1. As to Claim 16, Tang discloses a non-transitory computer-readable medium including computer-executable instructions stored therein that, when executed by the one or more processors, cause the one or more processors to use non-fungible tokens (NFTs) to limit access to confidential data and to: obtain identification information of confidential data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents); mint an NFT on a distributed ledger, the NFT representing ownership of the confidential data and including the identification information of the confidential data (Paragraph [0006] of Tang discloses executes a mint function to create the single NFT on a blockchain, the single NFT including a link to the generated data file. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); receive an indication providing access to at least one specific stakeholder for specific confidential data within the confidential data (Paragraph [0051] of Tang discloses a third party host computer system 207 to request access to an encrypted document. Paragraph [0073] of Tang discloses each of the permission records 882 may indicate a specified role that was granted to the user by the NFT owner); and curate availability of the specific confidential data to the at least one specific stakeholder in response to receiving the indication providing availability of the specific confidential data, wherein the availability of the confidential data to the at least one specific stakeholder includes one or more conditional requirements (Paragraph [0062] of Tang discloses this check may determine whether the request was made by a user who has logged in, via the user module 612, and therefore provided the correct user authentication data. Additionally, this check may also determine whether the correct authentication data is supplied in order to decrypt the encrypted documents and provide the user device with the decrypted documents. Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) receive an indication that at least one security concern exists with respect to the confidential data (Paragraph [0065] of Tang discloses if step 670K is unable to verify that the hash of the decrypted key matches the key_hash that is stored in the NFT cache, then an error is returned to the user device 602), wherein receiving the indication that at least one security concern exists includes at least: [analyzing the confidential data using a cognitive computing algorithm determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm] and the one or more conditional requirements (Paragraph [0040] of Tang discloses more fine-grained access controls, such as a time limit for the viewing privileges, per document permissions, or resolution downgrading, etc., could be presented to the minter by the NFT management module) [generate a recommendation of an adjustment to a data setting regarding permission to access portions of the specific confidential data for all stakeholders based upon the at least one security concern]. Tang does not explicitly disclose analyzing the confidential data using a cognitive computing algorithm and determining the at least one security concern associated with the use of the confidential data based upon such analysis using the cognitive computing algorithm. However, Singh discloses this. Paragraph [0011] of Singh discloses continuously monitor the digital identity of the user during one or more instances of access of the user. Paragraph [0012] of Singh discloses determine that the one or more attributes of the digital identity of the user during the one or more instances of access does not match the information associated with the digital identity of the user recorded in the NFT. Paragraph [0071] of Singh discloses the system may be configured to use the various instances of actions to determine whether the overall behavior of the user is within the limits of acceptable deviation. In this regard, the system may be configured to employ machine learning techniques to predict a future instance of action of the user based on the various instances of access. If the predicted future instance of action is within the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally acceptable. On the other hand, if the predicted future instance of action is outside the predetermined limits of acceptable deviation, then the user's behavior is deemed behaviorally anomalous, and the issue is escalated to the administrator of the first virtual environment. Examiner recites the same rationale to combine used for claim 1. Tang does not explicitly disclose generate a recommendation of an adjustment to a data setting relating to the availability of the specific confidential data based upon the at least one security concern. However, Pierce discloses this. Paragraph [0062] of Pierce discloses the recommendations associated with determining whether behavior is indicative of malicious activity may include a recommendation to revoke the privileges of one or more individuals to access resources, a recommendation to notify a supervisor of one or more individuals, or the like. The actions associated with determining whether behavior is indicative of malicious activity may include, for example, causing privileges of one or more individuals to access resources to be revoked, transmitting a notification to a supervisor, or the like. Paragraph [0026] of Pierce Examiner recites the same rationale to combine used for claim 1. As to Claim 17, Tang-Singh-Pierce discloses the computer-readable medium of claim 16, wherein the confidential data includes at least one of: business confidential data, consumer data, or customer confidential data (Paragraph [0006] of Tang discloses a data file including a portfolio array of links to each of the one or more encrypted documents. Paragraph [0060] of Tang discloses the variations of the multiple encrypted documents provide a layer of privacy, such that not everyone with the ability to find the NFT would be able to access the documents). As to Claim 18, Tang-Singh-Pierce discloses the computer-readable medium of claim 16, wherein the computer executable instructions further cause the one or more processors to: receive an indication that a third-party has interacted with the confidential data (Paragraph [0062] of Tang discloses provide the user device with the decrypted documents. Paragraph [0070] of Singh discloses notify an administrator device). Examiner recites the same rationale to combine used for claim 1. As to Claim 19, Tang-Singh-Pierce discloses the computer-readable medium of claim 16, wherein the computer executable instructions further cause the one or more processors to execute a smart contract to cause transferring the NFT to a receiving party to indicate that the receiving party possesses the confidential data (Paragraph [0030] of Tang discloses smart contracts are used in the transfer of property rights or assets including, for example, digital assets such as NFT). As to Claim 20, Tang-Singh-Pierce discloses the computer-readable medium of claim 16, wherein further execution of the instructions by the one or more processors, further cause the one or more processors to: log an interaction with the confidential data (Paragraph [0070] of Singh discloses notify an administrator device. Paragraph [0072] of Singh discloses each instance of access is also analyzed against the transaction conditions (e.g., access privileges) stored in the metadata layer (e.g., smart contract) of the NFT for authorization). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499