METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO SENSOR DATA

DETAILED ACTION 1. This action is responsive to communication filed on 27 October 2025, with acknowledgement of an original application filed on 10 August 2023. 2. Claims 1-3, 5-13, and 15-19 are currently pending. Claims 1, 12, and 19 are in independent forms. Claims 5-12 and 16-19 has been amended. Claim 4 and 14 has been canceled. Drawings 3. The drawings filed on 08/10/2023 are accepted by the examiner. Response to Amendment 4. Applicant’s arguments filed 27 October 2025 have been fully considered however they are moot due to new grounds of rejection below initiated by applicant’s amendment. Claim Rejections - 35 USC § 103 5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 6. Claims 1-2, 5-7, 12, and 15-19 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Atkinson et al. US Patent Application Publication No. 2021/0406358 (hereinafter Atkinson) in view of Ryhorchuk et al. US Patent Application Publication No. 2017/0103216 (hereinafter Ryhorchuk) in further view of Munafo US Patent Application Publication No. 2018/0191687 (hereinafter Munafo). Regarding claim 1, Atkinson discloses a method of controlling access to sensor data (FIG. 5 illustrates a method 500 for controlling access to a sensor), the method comprising: “receiving, by the sensor, access control data defining one or more operations which the device is permitted to execute on the protected sensor data” (see Atkinson pars. 0019-0021, the computing device 100 comprises an access control module 106. In operation, the access control module 106 receives a request to access data of the first sensor 102 of the computing device 100. Upon receiving the request, the access control module 106 determines a physical condition defined for permitting access to the data of the first sensor 102. In accordance with another example which is illustrated in FIG. 2, to control access to the first sensor 102, the access control module 106 also determines applications 200 currently executing in the computing device 100. Accordingly, the access control module 106 allows the access to the first sensor 102 based on the applications 200 currently executing in the computing device 100 and a physical condition sensed by the second sensor 104); “determining by the sensor, based on the access control data, an operation which the device is permitted to execute on the protected sensor data” (see Atkinson pars. 0021-0022, control access to the first sensor 102, the access control module 106 also determines applications 200 currently executing in the computing device 100. Accordingly, the access control module 106 allows the access to the first sensor 102 based on the applications 200 currently executing in the computing device 100 and a physical condition sensed by the second sensor 104.Determining the applications 200 currently executing in the computing device 100 may include identifying properties of an application, such as a source of the application that may have requested the access to the first sensor 102); Atkinson does not explicitly discloses generating sensor data by a sensor; protecting the sensor data to generate protected sensor data; transmitting the protected sensor data to a device for storage. However, in analogues art, Ryhorchuk discloses generating sensor data; protecting the sensor data to generate protected sensor data (see Ryhorchuk par. 0063, sensor data generated at the sensor nodes 100 may be encrypted and securely transported over a network to the service data platform 140); and transmitting the protected sensor data to a device for storage (see Ryhorchuk par. 0019, the encrypted sensor data is transported to the service data platform and stored as encrypted sensor data until the customer decides to access the sensor data); Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Atkinson in view of Ryhorchuk does not explicitly discloses providing, from the sensor to the device, one or more keys usable by the device to enable the device to execute the operation on the protected sensor data. However, in analogues art, Munafo discloses providing, from the sensor to the device, one or more keys usable by the device to enable the device to execute the operation on the protected sensor data (see Munafo par. 0033, the data transfer device 102 comprises a hardware interface 110 for receiving sensor data from the sensors 104, 106, and 108. The path for transferring data from the sensors to the hardware interface 110 may be described as a sensor data path. The hardware interface may comprise wired or wireless connections and may use protocols for sending or receiving data. The hardware interface 110 may store the sensor data from the sensors 104, 106, and 108 in a data store local to the data transfer device 102. The data transfer device 102 may also comprise a security engine 112 for providing a key such as a key for encryption of data. The security engine 112 may have the ability to generate a random key or may store a number of pre-configured or pre-provisioned keys. The security engine 112 may provide the key to the hardware interface 110. The hardware interface 110 may use the key to perform operations on the sensor data to generate a security signature. The security signature may be a unique signature that is created based on the sensor data itself after the sensor data is operated on by the key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Munafo in to the system of Atkinson and Ryhorchuk in order to provide for secure communications of the sensor data between the data transfer device and the host device. For example, the data transfer device may comprise a security engine to generate a key that is used by a hardware interface of the data transfer device to generate a security signature based on the sensor data (see Munafo par. 0030). Regarding claim 2, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 1, Ryhorchuk further discloses protecting sensor data comprises protecting the sensor data using a secret key (see Ryhorchuk par. 0054, the matching customer private key, used for decrypting the encrypted sensor data, is not made available publicly, but is kept secret by the owner or customer who generated the key-pair). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Regarding claim 5, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 1, Munafo further discloses the method further includes deleting at least one of the sensor data or the protected sensor data after transmitting the protected sensor data to the device (see Munafo par. 0030, The security enclave may then send the key to the host device. The host device then employs the key with the sensor data to generate a second security signature. The host device then compares to the security signature to the second security signature. If a match is found then the sensor data received from the data transfer device is trusted. If a match is not found then the host device discards the sensor data). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Munafo in to the system of Atkinson and Ryhorchuk in order to provide for secure communications of the sensor data between the data transfer device and the host device. For example, the data transfer device may comprise a security engine to generate a key that is used by a hardware interface of the data transfer device to generate a security signature based on the sensor data (see Munafo par. 0030). Regarding claim 6, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 1, Ryhorchuk further discloses protecting the sensor data includes applying a first secret key to the sensor data, to generate the protected sensor data; and if the access control data defines that the device is permitted execute a first operation on the protected sensor data, providing the one or more keys includes, to the device, a first complementary key, usable by the device to execute the first operation, the first complementary key being complementary to the first secret key (see Ryhorchuk par. 0096, a method is described for protecting data available to sensor nodes 110 within a sensor network 100. The method includes: generating a key-pair associated with a customer including a public encryption key and a private decryption key; requesting certification of the public encryption key; receiving a certificate representing a certified public encryption key; distributing the certificate to the sensor nodes within the sensor network 100 associated with the customer to enable the sensor nodes to encrypt sensor data available at the sensor nodes 110 with the certificate; splitting the private decryption key into multiple shares such that a designated subset of the multiple shares may be used in combination to enable a service data platform 140 to decrypt the encrypted sensor data). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Regarding claim 7, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 1, Ryhorchuk further discloses the first secret key is an encryption key (see Ryhorchuk par. 0096, generating a key-pair associated with a customer including a public encryption key); the first protected sensor data is encrypted sensor data (see Ryhorchuk par. 0019, the sensor data collected at the sensor nodes may be encrypted, using a customer public key, at the sensor nodes. The encrypted sensor data is transported to the service data platform and stored as encrypted sensor data until the customer decides to access the sensor data); the first operation is a decryption or reading operations (see Ryhorchuk par. 0109, the operation 505 may be performed by the security system 144. In some embodiments, the operation 505 may be performed by a decryption module (not shown)); and providing the one or more keys includes providing a complementary key in the form of a decryption key to the device (see Ryhorchuk par. 0096, generating a key-pair associated with a customer including a public encryption key and a private decryption key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Regarding claim 12, Atkinson discloses a method of accessing protected sensor data by a device, the device having stored thereon access control data defining one or more operations which the device is permitted to execute on protected sensor data (see Atkinson pars. 0019-0021, the computing device 100 comprises an access control module 106. In operation, the access control module 106 receives a request to access data of the first sensor 102 of the computing device 100. Upon receiving the request, the access control module 106 determines a physical condition defined for permitting access to the data of the first sensor 102. In accordance with another example which is illustrated in FIG. 2, to control access to the first sensor 102, the access control module 106 also determines applications 200 currently executing in the computing device 100. Accordingly, the access control module 106 allows the access to the first sensor 102 based on the applications 200 currently executing in the computing device 100 and a physical condition sensed by the second sensor 104), the method including: “sending the access control data to the sensor” (see Atkinson par. 0030, when the access control module 106 receives a request to access data of the first sensor 102, for example, stored in sensor data 322, the access control module 106 determines the physical condition defined for permitting access to the data of the first sensor 102); Atkinson does not explicitly discloses receiving protected sensor data from a sensor; storing the protected sensor data. However, in analogues art, Ryhorchuk discloses receiving protected sensor data from a sensor (see Ryhorchuk par. 0102, The service data platform 140 is storing encrypted sensor data received from the sensor nodes 100); storing the protected sensor data (see Ryhorchuk par. 0102, the sensor data was encrypted by the sensor nodes 100 and then transported to the service data platform 140 for storage). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Atkinson in view of Ryhorchuk does not explicitly discloses receiving, from the sensor, one or more keys enabling the device to execute a permitted operation on the protected sensor data. However, in analogues art, Munafo discloses receiving, from the sensor, one or more keys enabling the device to execute a permitted operation on the protected sensor data (see Munafo par. 0033, the data transfer device 102 comprises a hardware interface 110 for receiving sensor data from the sensors 104, 106, and 108. The path for transferring data from the sensors to the hardware interface 110 may be described as a sensor data path. The hardware interface may comprise wired or wireless connections and may use protocols for sending or receiving data. The hardware interface 110 may store the sensor data from the sensors 104, 106, and 108 in a data store local to the data transfer device 102. The data transfer device 102 may also comprise a security engine 112 for providing a key such as a key for encryption of data. The security engine 112 may have the ability to generate a random key or may store a number of pre-configured or pre-provisioned keys. The security engine 112 may provide the key to the hardware interface 110. The hardware interface 110 may use the key to perform operations on the sensor data to generate a security signature. The security signature may be a unique signature that is created based on the sensor data itself after the sensor data is operated on by the key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Munafo in to the system of Atkinson and Ryhorchuk in order to provide for secure communications of the sensor data between the data transfer device and the host device. For example, the data transfer device may comprise a security engine to generate a key that is used by a hardware interface of the data transfer device to generate a security signature based on the sensor data (see Munafo par. 0030). Regarding claim 15, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 12, Ryhorchuk further discloses sending an access request to the sensor, the access request specifying a requested operation to be executed on the protected sensor data (see Ryhorchuk par. 0103, At operation 501, the customer 430 sends a request to access the encrypted sensor data stored at the service data platform 140). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Regarding claim 19, Atkinson discloses a sensor configured to: “receive, access control data defining one or more operations which the device is permitted to execute on the protected sensor data” (see Atkinson pars. 0019-0021, the computing device 100 comprises an access control module 106. In operation, the access control module 106 receives a request to access data of the first sensor 102 of the computing device 100. Upon receiving the request, the access control module 106 determines a physical condition defined for permitting access to the data of the first sensor 102. In accordance with another example which is illustrated in FIG. 2, to control access to the first sensor 102, the access control module 106 also determines applications 200 currently executing in the computing device 100. Accordingly, the access control module 106 allows the access to the first sensor 102 based on the applications 200 currently executing in the computing device 100 and a physical condition sensed by the second sensor 104); “determine, based on the access control data, an operation which the device is permitted to execute on the protected sensor data” (see Atkinson pars. 0021-0022, control access to the first sensor 102, the access control module 106 also determines applications 200 currently executing in the computing device 100. Accordingly, the access control module 106 allows the access to the first sensor 102 based on the applications 200 currently executing in the computing device 100 and a physical condition sensed by the second sensor 104.Determining the applications 200 currently executing in the computing device 100 may include identifying properties of an application, such as a source of the application that may have requested the access to the first sensor 102); Atkinson does not explicitly discloses generate sensor data; protect the sensor data to generate protected sensor data; transmit the protected sensor data to a device for storage. However, in analogues art, Ryhorchuk discloses generate sensor data; protect the sensor data to generate protected sensor data (see Ryhorchuk par. 0063, sensor data generated at the sensor nodes 100 may be encrypted and securely transported over a network to the service data platform 140); transmit the protected sensor data to a device for storage (see Ryhorchuk par. 0019, the encrypted sensor data is transported to the service data platform and stored as encrypted sensor data until the customer decides to access the sensor data); Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Ryhorchuk in to the system of Atkinson in order to include encrypted sensor data may be stored in its encrypted form until a request to access the encrypted sensor data is received by the service data platform from an authorized user (see Ryhorchuk par. 0065). Atkinson in view of Ryhorchuk does not explicitly discloses provide, from the sensor to the device, one or more keys usable by the device to enable the device to execute the operation on the protected sensor data. However, in analogues art, Munafo discloses provide, from the sensor to the device, one or more keys usable by the device to enable the device to execute the operation on the protected sensor data (see Munafo par. 0033, the data transfer device 102 comprises a hardware interface 110 for receiving sensor data from the sensors 104, 106, and 108. The path for transferring data from the sensors to the hardware interface 110 may be described as a sensor data path. The hardware interface may comprise wired or wireless connections and may use protocols for sending or receiving data. The hardware interface 110 may store the sensor data from the sensors 104, 106, and 108 in a data store local to the data transfer device 102. The data transfer device 102 may also comprise a security engine 112 for providing a key such as a key for encryption of data. The security engine 112 may have the ability to generate a random key or may store a number of pre-configured or pre-provisioned keys. The security engine 112 may provide the key to the hardware interface 110. The hardware interface 110 may use the key to perform operations on the sensor data to generate a security signature. The security signature may be a unique signature that is created based on the sensor data itself after the sensor data is operated on by the key). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Munafo in to the system of Atkinson and Ryhorchuk in order to provide for secure communications of the sensor data between the data transfer device and the host device. For example, the data transfer device may comprise a security engine to generate a key that is used by a hardware interface of the data transfer device to generate a security signature based on the sensor data (see Munafo par. 0030). 9. Claims 3 and 13 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Atkinson et al. US Patent Application Publication No. 2021/0406358 (hereinafter Atkinson) in view of Ryhorchuk et al. US Patent Application Publication No. 2017/0103216 (hereinafter Ryhorchuk) in further view of Munafo US Patent Application Publication No. 2018/0191687 (hereinafter Munafo) in further view of Lee et al. US Patent Application Publication No. 2019/0073842 (hereinafter Lee). Regarding claim 3, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 1, Atkinson in view of Ryhorchuk in further view of Munafo does not explicitly discloses receiving, by the sensor, access control data comprises receiving an authorization token including the access control data. However, in analogues art, Lee disclose receiving, by the sensor, access control data comprises receiving an authorization token including the access control data (see Lee par. 0149, when a door operating device 3000 receives an authentication token, the door operating device 3000 may determine whether the authority token has authority on the basis of whether identification information of the door operating device 3000 or the door 4000 is included in the authentication token). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee in to the system of Atkinson, Ryhorchuk, and Munafo in order to provide an access control method including obtaining an authentication token from a user terminal by a first door operating device, which is provided at a first door among the plurality of doors; determining whether the user terminal has authority to access the first door on the basis of authentication information included in the authentication token by the first door operating device (see Lee par. 0011). Regarding claim 13, Atkinson in view of Ryhorchuk in further view of Munafo discloses the method of claim 12, Atkinson in view of Ryhorchuk in further view of Munafo does not explicitly discloses the device has stored thereon an authorization token including the access control data; and sending the access control data to the sensor comprises sending the authorization token to the device. However, in analogues art, Lee discloses the device has stored thereon an authorization token including the access control data (see Lee par. 0356, When communication is established between the user terminal 2000a and the first door communication unit 3110, the user terminal 2000a may transmit a prestored authentication token and first access status information to the first door communication unit 3110. The communication being established between the user terminal 2000a and the first door communication unit 3110 may denote that the user terminal 2000a establishes communication with the door operating device 3000); and sending the access control data to the sensor comprises sending the authorization token to the device (see Lee par. 0130, An authentication token is data that is issued to an issuance target by the authentication server 1000 and may be data that may be used to determine authority assigned to the issuance target. Here, the issuance target may include at least one of the user and the terminal 2000. The issuance target may be classified into the user and the terminal 2000, but the authentication token may be issued by transmitting the authentication token to the terminal 2000). Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee in to the system of Atkinson, Ryhorchuk, and Munafo in order to provide an access control method including obtaining an authentication token from a user terminal by a first door operating device, which is provided at a first door among the plurality of doors; determining whether the user terminal has authority to access the first door on the basis of authentication information included in the authentication token by the first door operating device (see Lee par. 0011). Allowable Subject Matter 7. Claims 8-11 and 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion 8. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SAMUEL AMBAYE/Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433