DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 27 January 2026 has been entered. Applicant amended claims 1-3, 14-16, and 20. Accordingly, claims 1-20 remain pending.
Response to Amendment
Applicant’s amendment, filed 27 January 2026, overcomes the 35 USC 112(b) rejection of 27 October 2025. Therefore, the 35 USC 112(b) rejection of 27 October 2025 is withdrawn.
Response to Arguments
Applicant’s arguments with respect to the independent claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4-15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220027499 (hereinafter Watkins), in view of Volini et al US 20170111350 (hereinafter Volini), and in further view of Dissanayake et al US 20230129541 (hereinafter Dissanayake).
As to claim 1, Watkins teaches a system for enabling tokenized access to sensitive data (Figure 1 and abstract disclose a system and method for enabling tokenization access to sensitive data), the system comprising a token provisioning computing device (Figure 1, reference number 108 and paragraph 43 reveal reference number 108 of system 100 is the token provisioning device) including a processor communicatively coupled to a memory device (paragraph 46 reveals the token provisioning computing device includes one or more computing devices and storage system), the token provisioning computing device configured to:
receive, from the remote client computing device of a first data subject, a request for an access token to provide access to sensitive data of the first data subject, wherein the request includes a first set of [data definition or element] identifying the sensitive data for which access is being requested to be provided (paragraph 75 discloses receiving, from the remote client computing device of the first data subject, a request for an access token to provide a service provider computing device (e.g., a service provider) with access to sensitive data associated with the first data subject. The request includes a data definition (field identifiers) of the sensitive data to which access is to be provided and one or more authorization parameters; see also paragraph 22, which reveals the data definition defines/identifies which data elements the service provider will be allowed to access. A data definition includes a data field identifier. Paragraph 32 reveals the request can also include a subject identifier, and paragraph 18 also reveals the secure manager indexes the stored PII according to one or more variables, such as a subject identifier, or any other variable that uniquely identifies the data subject. Therefore the subject identifier can also be a data field identifier);
generate the access token that enables access to the sensitive data associated with the first set of data elements from one or more data sources (paragraph 76 discloses generating the access token that enables access to the [defined sensitive data] according to the one or more authorization parameters. Claim 8 reveals wherein the one or more authorization parameters include a data source parameter and claim 9 reveals wherein the data definition includes a subset of a plurality of data elements available to provide to the service provider computing device from one or more data sources);
transmit a response including the access token to the remote computing device of the first data subject (paragraph 76 discloses transmitting to the remote client computing device of the first data subject, a response including the access token);
receive, from the service provider computing device, an inputted token and a second set of data elements to which access is expected to be provided (paragraph 60 discloses receiving from the service provider an access token and a source of the data plus a subject identifier, i.e., the second set of data elements);
compare the inputted token to the generated token (paragraphs 32 and 61 disclose the token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token to determine whether the received access token is valid);
compare the first set of [subject identifier/data field] with the second set (paragraph 32 discloses the secure manager exchanges messages with the token provider to validate the access token (and the subject identifier/second data element) received from the service provider. The data storage provider sends a validation request message to the token provider, the validation request message including the access token and, in some embodiments, a subject identifier. The subject identifier (second data element) from the service provider may be the same as the subject identifier (first data element) transmitted from the client computing device. The token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token (and subject identifier) to determine whether the received access token is valid. A subject identifier is a data field);
in response to the tokens matching and the first set of [subject identifier/data field] matching, transmit a validation message including the sensitive data associated with the first set of data elements of the sensitive data to the service provider computing device (paragraphs 32-33 disclose in response to the match of the access tokens (and the subject identifiers and in other embodiments the data definition and/or authorization parameters), the token provider returns validation response including access approval that may include the data definition (data definition includes data identifier and data field) and/or the authorization parameters associated with the valid stored access token. In some embodiments, the access token itself defines what data is accessible. The data storage provider provides access to PII under the conditions of the access token. The data storage provider transmits the approved and authorized data back to the service provider computing device. A subject identifier is a data field).
Watkins does not teach receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject; wherein the request includes a first set of data elements that is a subset of the record set, identifying the sensitive data for which access is being requested; compare each of the first set of data elements with the second set of data elements; and in response to the tokens matching and the first set of data elements matching the second set of data elements, transmit the sensitive data associated with the first set of data elements to the service provider computing device.
Volini teaches the request includes a first set of data elements identifying the sensitive data (paragraph 116 reveals that processing the received request involves determining whether the required information has been received, such as user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic, which can be the data field identifier or data field), user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address). Paragraph 42 also reveals the request can include one or more constraints, which can correspond to (for example) values (e.g., to be matched or to define a range) of particular fields); and further teaches comparing the first set of data elements with the second set of data elements (paragraphs 116, 120-123, and 128-132 reveal matching the access-right characteristics received in the request against those queried from the resource status data store; recall that the request includes user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic, which can be the data field identifier or data field), user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins' request and steps of comparing the subject identifiers with Volini's teachings of the request including data elements and comparing the data elements, to provide improved control of the storage and transmission of data while preventing a malicious actor from gaining unauthorized access to the data (paragraph 3 of Volini).
The combination of Watkins in view of Volini does not teach, but Dissanayake teaches, receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject (paragraph 71 reveals the data access network may receive, from a data provider, data records or user data elements associated with a user. Data elements may relate to sensitive data such as checking account information of a user or medical copays made by the user); wherein the request includes a first set of data elements that is a subset of the record set, identifying the sensitive data for which access is being requested (paragraph 71, discussed above; paragraph 83 reveals receiving from a user device a request to grant authorization for a data recipient to access user information associated with the data provider. The user information may correspond to financial information); compare each of the first set of data elements with the second set of data elements (paragraph 16 reveals matching data elements of the data record that match permissible data elements specified in the data directive; see also paragraph 116); and in response to the tokens matching (paragraphs 92-93 and 98-99 reveal verifying/matching the authentication token, such as a password) and the first set of data elements matching the second set of data elements (paragraph 16 reveals matching data elements of the data record that match permissible data elements specified in the data directive; see also paragraph 116), transmit the sensitive data associated with the first set of data elements to the service provider computing device (paragraph 95 reveals transmitting filtered user information to the data recipient/service provider; see also paragraph 15, which reveals the filtered data elements provided to the data recipient comprise data from the user-selected account. See also paragraphs 67, 79, and 125, wherein the data elements can include account number and account balance).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins' request and steps of comparing the subject identifiers, in view of Volini's teachings of the request including data elements and comparing the data elements, with Dissanayake's teachings of matching authentication tokens and data elements, to provide an improved method of selectively controlling access to data by efficiently analyzing the data received from the data provider and providing only the data permitted by the data directive to a data recipient (paragraphs 1 and 6 of Dissanayake).
As to claim 2, the combination of Watkins in view of Volini and Dissanayake teaches wherein the token provisioning computing device is further configured to, in response to the first set of data elements not matching the second set of data elements, causing to be displayed on the remote client computing device of the first data subject an error message (Watkins: paragraph 32 discloses the access tokens (or the subject identifier from the client computing device and the subject identifier from the service provider) are compared; when they are invalid, the token provider returns a validation response of access denial indicating that the access token is invalid).
As to claim 4, the combination of Watkins in view of Volini and Dissanayake teaches wherein the token provisioning computing device is further configured to, in response to receiving the access token from the service provider computing device, causing at least one of: population of data element on a user interface being executed on the service provider computer device with the sensitive data associated with the first set of data elements or providing the service provider computing device access to the first set of data elements (Watkins: paragraphs 32-33 disclose in response to the match of the access tokens (and the subject identifiers), the token provider returns a validation response including access approval that may include the data definition and/or the authorization parameters associated with the valid stored access token. In some embodiments, the access token itself defines what data is accessible. The data storage provider provides access to PII under the conditions of the access token. The data storage provider transmits the approved and authorized data back to the service provider computing device. Dissanayake: paragraphs 92-99 reveal that, in response to the credential/access token being authenticated, the system provides the data recipient/service provider with the filtered data). Motivation similar to the motivation presented in claim 1.
As to claim 5, the combination of Watkins in view of Volini and Dissanayake teaches wherein the token provisioning computing device is further configured to authenticate the request for the access token (Watkins: paragraph 27 also discloses the token provider authenticates the data subject client device before generating or providing the requested access token).
As to claim 6, the combination of Watkins in view of Volini and Dissanayake teaches wherein the request for the access token further includes authentication credentials input by the first data subject to the remote client computing device during a log-in process (Watkins: paragraphs 27 and 77 also disclose the data subject provides credentials, wherein the request for the access token further includes authentication credentials input by the first data subject), and wherein to authenticate the request for the access token, the token provisioning computing device is further configured to process the authentication credentials received from the remote client computing device (Watkins: paragraph 77 discloses processing the authentication credentials of the remote client computing device).
As to claim 7, the combination of Watkins in view of Volini and Dissanayake teaches wherein to authenticate the request for the access token, the token provisioning computing device is further configured to: transmit an authentication request message to the remote client computing device, the authentication request message including instructions that cause the remote client computing device to prompt the first data subject to input one or more authentication credentials into the remote client computing device (Watkins: paragraph 57 discloses the token provider transmits an authentication request message back to the client computing device with instructions for the client computing device to request additional/alternative authentication credentials from the data subject); receive, from the remote client computing device, an authentication response message including the one or more input authentication credentials (Watkins: paragraph 57 discloses the token provider receives the credentials from the client computing device); and process the input authentication credentials (Watkins: paragraph 77 discloses processing the authentication credentials).
As to claim 8, the combination of Watkins in view of Volini and Dissanayake teaches wherein the request includes one or more authorization parameters (Watkins: paragraph 56 discloses the request include authorization parameters).
As to claim 9, the combination of Watkins in view of Volini and Dissanayake teaches wherein the one or more authorization parameters further include at least one of a validity time/date parameter or an authorized service provider parameter (Watkins: paragraph 81 discloses the authorization parameters include a validity date).
As to claim 10, the combination of Watkins in view of Volini and Dissanayake teaches wherein the one or more authorization parameters include a validity date after which access to the sensitive data is revoked (Watkins: paragraph 81 discloses the authorization parameters include a validity date after which access to the sensitive data is revoked), and wherein the token provisioning computing device is further configured to: store the access token in a token database with the one or more authorization parameters (Watkins: paragraph 37 discloses storing, by the token provisioning computing device, the access token in a token database with the data definition and the one or more authorization parameters); and upon reaching the validity date, at least one of delete the access token or disable the access token to prevent further access to the sensitive data by the service provider computing device (Watkins: paragraphs 81-82 disclose deleting or disabling the stored token to prevent further access to the sensitive data by the service provider).
As to claim 11, the combination of Watkins in view of Volini and Dissanayake teaches wherein the token provisioning computing device is further configured to: receive a token validation request message from the service provider computing device (Watkins: paragraph 32 discloses the secure manager exchanges messages with the token provider to validate the access token received from the service provider. The data storage provider sends a validation request message to the token provider), the token validation request message including the access token and a subject identifier associated with the data subject (Watkins: paragraph 32 discloses the validation request message including the access token and a subject identifier); perform a lookup operation using at least one of the access token or the subject identifier (Watkins: paragraph 61 discloses the token provider receives the access token from secure manager and performs a lookup in the memory (e.g., database) to retrieve any matching stored access token. Where token provider also receives a subject identifier, token provider may use the subject identifier to perform the lookup operation, to retrieve active access tokens associated with data subject); and in response to the lookup operation returning a valid and active access token, validate the access token (Watkins: paragraph 61 discloses if the access token is valid after the comparison, and include a token validation response indicating the access token was successfully validated). Motivation is similar to the motivation presented in claim 1.
As to claim 12, the combination of Watkins in view of Volini and Dissanayake teaches wherein the access token is one of alphanumeric code, a bar code, and a QR code (Watkins: paragraph 26 discloses the access token is embodied as an alphanumeric code, a bar code, and/or QR code).
As to claim 13, the combination of Watkins in view of Volini and Dissanayake teaches wherein the access token is valid for a predetermined period of time (Watkins: paragraph 81 discloses the authorization parameters include a validity date after which access to the sensitive data is revoked. Paragraph 51 also discloses the access token has a period until data retention expires).
As to claim 14, Watkins teaches a computer implemented method for enabling tokenized access to sensitive data (Figure 1 and abstract disclose a system and method for enabling tokenization access to sensitive data), the method implemented using a system including a token provisioning computing device (Figure 1, reference number 108 and paragraph 43 reveal reference number 108 of system 100 is the token provisioning device) including a processor communicatively coupled to a memory device (paragraph 46 reveals the token provisioning computing device includes one or more computing devices and storage system), the method comprising:
receiving, from the remote client computing device of a first data subject, a request for an access token to provide access to sensitive data of the first data subject, wherein the request includes a first set of [data definition or element] identifying the sensitive data for which access is being requested to be provided (paragraph 75 discloses receiving, from the remote client computing device of the first data subject, a request for an access token to provide a service provider computing device (e.g., a service provider) with access to sensitive data associated with the first data subject. The request includes a data definition (field identifiers) of the sensitive data to which access is to be provided and one or more authorization parameters; see also paragraph 22, which reveals the data definition defines/identifies which data elements the service provider will be allowed to access. A data definition includes a data field identifier. Paragraph 32 reveals the request can also include a subject identifier, and paragraph 18 also reveals the secure manager indexes the stored PII according to one or more variables, such as a subject identifier, or any other variable that uniquely identifies the data subject. Therefore the subject identifier can also be a data field identifier);
generating the access token that enables access to the first set of data fields from one or more data sources (paragraph 76 discloses generating the access token that enables access to the [defined sensitive data] according to the one or more authorization parameters. Claim 8 reveals wherein the one or more authorization parameters include a data source parameter and claim 9 reveals wherein the data definition includes a subset of a plurality of data elements available to provide to the service provider computing device from one or more data sources);
transmitting a response including the access token to the remote computing device of the first data subject (paragraph 76 discloses transmitting to the remote client computing device of the first data subject, a response including the access token);
receiving, from the service provider computing device, an inputted token and a second set of data fields to which access is expected to be provided (paragraph 60 discloses receiving from the service provider an access token and source of the data+ subject identifier/ second set of data element);
comparing the inputted token to the generated token (paragraphs 32 and 61 discloses the token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token to determine whether the received access token is valid);
comparing the first set of [subject identifier/data field] (paragraph 32 discloses the secure manager exchanges messages with the token provider to validate the access token (and the subject identifier/second data element) received from the service provider. The data storage provider sends a validation request message to the token provider, the validation request message including the access token and, in some embodiments, a subject identifier. The subject identifier (second data element) form the service provider may be the same as the subject identifier (first data element) transmitted from the client computing device. The token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token (the subject identifier) to determine whether the received access token is valid. A subject identifier is a data field );
in response to the tokens matching and the first set of [subject identifier/data field] matching, transmitting the a validation message including the sensitive data associated with the first set of data fields of the sensitive data to the service provider computing device (paragraphs 32-33 disclose in response to the match of the access tokens (and the subject identifiers and in other embodiments the data definition and/or authorization parameters), the token provider returns validation response including access approval that may include the data definition (data definition includes data identifier and data field) and/or the authorization parameters associated with the valid stored access token. In some embodiments, the access token itself defines what data is accessible. The data storage provider provides access to PII under the conditions of the access token. The data storage provider transmits the approved and authorized data back to the service provider computing device. A subject identifier is a data field).
Watkins does not teach receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject; wherein the request includes a first set of data elements that is subset of the record set, identifying the sensitive data for which access is being requested; compare each of the first set of data elements with the second set of data elements; and in response to the token matchings and the first set of data elements matching the second set of data elements, transmit the sensitive data associated with the first set of data elements to the service provider computing device.
Volini teaches the request includes a first set of data elements identifying the sensitive data (paragraph 116 reveal the process of the received request involves determining whether the required information has been received, such as user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic (which can be the data field identifier or data field )), user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address. Paragraph 42 also reveals the request can include one or more constraints, which can correspond to (for example) values (e.g., to be matched or to define a range) of particular fields); and further teaches comparing the first set data elements with the second set of data elements (paragraphs 116, 120-123, and 128-132 reveal matching access rights characteristic received in the request from those query in resource status data store, recall that the request includes user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic (which can be the data field identifier or data field)) user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address).
It would have been obvious to one having ordinary before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers with Volini’s teachings of the request including data elements and comparing the data elements to provide improve controlled of the storage and transmission of data while prevent malicious actor from unauthorized access to the data (paragraph 3 of Volini).
The combination of Watkins in view of Volini does not teach, but Dissanayake teaches receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject (paragraph 71 reveals data access network may receive, from data provider, data records or user data elements associated with a user. Data elements may relate to sensitive data such as checking account information of a user, medical copays made by the user); wherein the request includes a first set of data elements that is subset of the record set, identifying the sensitive data for which access is being requested (paragraph 71 reveals data access network may receive, from data provider, data records or user data elements associated with a user. Data elements may relate to sensitive data such as checking account information of a user, medical copays made by the user; paragraph 83 reveals receiving from a user device a request to grant authorization for data recipient to access user information associated with the data provider. The user information may correspond to financial information of use); compare each of the first set of data elements with the second set of data elements (paragraph 16 reveals matchings data elements of the data record that match permissible data elements specified in the data directive. See also paragraph 116); and in response to the token matchings (paragraphs 92-93 and 98-99 reveal verifying/matching the authentication token such as password) and the first set of data elements matching the second set of data elements (paragraph 16 reveals matchings data elements of the data record that match permissible data elements specified in the data directive. 
See also paragraph 116), transmit the sensitive data associated with the first set of data elements to the service provider computing device (paragraph 95 reveals transmitting filtered user information to data recipient/service provider, see also paragraph 15 which reveal the filtered data elements provided to the data recipient comprise data from the user selected account. See also paragraphs 67, 79, 125, wherein the data element can include account number, account balance).
It would have been obvious to one having ordinary before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers in view of Volini’s teachings of the request including data elements and comparing the data elements with Dissanayake’s teachings of matchings authentication tokens and data elements to provide improved method to selectively control access to data by efficiently analyzing the data received from the data provider and provide only data permitted by the data directive to a data recipient (paragraph 1 and 6 of Dissanayake).
As to claim 15, the combination of Watkins in view of Volini and Dissanayake teaches further comprises in response to the first set of data elements not matching the second set of data elements, causing to be displayed on the remote client computing device of the first data subject, an error message (Watkins: paragraph 32 discloses the access tokens(or the subject identifier from the client computing device and the subject identifier from the service provider) are compared, when they invalid, the token provider returns a validation response of access denial, and that the access token is invalid).
As to claim 17, the combination of Watkins in view of Volini and Dissanayake further teaches, in response to receiving the access token from the service provider computing device, causing at least one of: population of a data element on a user interface being executed on the service provider computing device with the sensitive data associated with the first set of data elements, or providing the service provider computing device access to the first set of data elements (Watkins: paragraphs 32-33 disclose that, in response to the match of the access tokens (and the subject identifiers), the token provider returns a validation response including access approval that may include the data definition and/or the authorization parameters associated with the valid stored access token. In some embodiments, the access token itself defines what data is accessible. The data storage provider provides access to PII under the conditions of the access token. The data storage provider transmits the approved and authorized data back to the service provider computing device. Dissanayake: paragraphs 92-99 reveal that, in response to the credential/access token being authenticated, the system provides the data recipient/service provider with the filtered data). The motivation is similar to the motivation presented for claim 14.
As to claim 18, the combination of Watkins in view of Volini and Dissanayake further teaches authenticating the request for the access token (Watkins: paragraph 27 also discloses the token provider authenticates the data subject client device before generating or providing the requested access token).
As to claim 19, the combination of Watkins in view of Volini and Dissanayake teaches wherein the request for the access token further includes authentication credentials input by the first data subject to the remote client computing device during a log-in process (Watkins: paragraphs 27 and 77 also disclose the data subject provides credentials, wherein the request for the access token further includes authentication credentials input by the first data subject), and wherein, to authenticate the request for the access token, the token provisioning computing device is further configured to process the authentication credentials received from the remote client computing device (Watkins: paragraph 77 discloses processing the authentication credentials).
As to claim 20, Watkins teaches a non-transitory computer-readable storage medium having computer-executable instructions stored thereon, wherein when executed by a processor of a token provisioning computing device of a data security computing system (claim 19 of Watkins discloses a non-transitory computer-readable storage medium having computer-executable instructions stored thereon, wherein when executed by a processor of a token provisioning computing device of a data security computing system, the computer-executable instructions cause the processor. Figure 1 and the abstract disclose a system and method for enabling tokenization access to sensitive data; paragraph 43 reveals reference number 108 of system 100 is the token provisioning device; paragraph 46 reveals the token provisioning computing device includes one or more computing devices and a storage system), the computer-executable instructions cause the processor to:
receive, from the remote client computing device of a first data subject, a request for an access token to provide access to sensitive data of the first data subject, wherein the request includes a first set of [data definition or element] identifying the sensitive data for which access is being requested to be provided (paragraph 75 discloses receiving, from the remote client computing device of the first data subject, a request for an access token to provide a service provider computing device (e.g., a service provider) with access to sensitive data associated with the first data subject. The request includes a data definition (field identifiers) of the sensitive data to which access is to be provided and one or more authorization parameters; see also paragraph 22, which reveals the data definition defines/identifies which data elements the service provider will be allowed to access. A data definition includes a data field identifier. Paragraph 32 reveals the request can also include a subject identifier, and paragraph 18 also reveals the secure manager indexes the stored PII according to one or more variables, such as a subject identifier, or any other variable that uniquely identifies the data subject. Therefore, the subject identifier can also be a data field identifier);
generate the access token that enables access to the first set of data fields from one or more data sources (paragraph 76 discloses generating the access token that enables access to the [defined sensitive data] according to the one or more authorization parameters. Claim 8 of Watkins reveals that the one or more authorization parameters include a data source parameter, and claim 9 reveals that the data definition includes a subset of a plurality of data elements available to provide to the service provider computing device from one or more data sources);
transmit a response including the access token to the remote computing device of the first data subject (paragraph 76 discloses transmitting to the remote client computing device of the first data subject, a response including the access token);
receive, from the service provider computing device, an inputted token and a second set of data fields to which access is expected to be provided (paragraph 60 discloses receiving from the service provider an access token and the source of the data plus the subject identifier / second set of data elements);
compare the inputted token to the generated token (paragraphs 32 and 61 disclose the token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token to determine whether the received access token is valid);
compare the first set of [subject identifier/data field] (paragraph 32 discloses the secure manager exchanges messages with the token provider to validate the access token (and the subject identifier/second data element) received from the service provider. The data storage provider sends a validation request message to the token provider, the validation request message including the access token and, in some embodiments, a subject identifier. The subject identifier (second data element) from the service provider may be the same as the subject identifier (first data element) transmitted from the client computing device. The token provider compares the received access token (and, in some embodiments, the subject identifier) to the stored access token (the subject identifier) to determine whether the received access token is valid. A subject identifier is a data field);
in response to the tokens matching and the first set of [subject identifier/data field], transmit a validation message including the sensitive data associated with the first set of data elements to the service provider computing device (paragraphs 32-33 disclose that, in response to the match of the access tokens (and the subject identifiers and, in other embodiments, the data definition and/or authorization parameters), the token provider returns a validation response including access approval that may include the data definition (the data definition includes a data identifier and data field) and/or the authorization parameters associated with the valid stored access token. In some embodiments, the access token itself defines what data is accessible. The data storage provider provides access to PII under the conditions of the access token. The data storage provider transmits the approved and authorized data back to the service provider computing device. A subject identifier is a data field).
Watkins does not teach receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject; wherein the request includes a first set of data elements that is a subset of the record set, identifying the sensitive data for which access is being requested; compare each of the first set of data elements with the second set of data elements; and in response to the tokens matching and the first set of data elements matching the second set of data elements, transmit the sensitive data associated with the first set of data elements to the service provider computing device.
Volini teaches the request includes a first set of data elements identifying the sensitive data (paragraph 116 reveals the processing of the received request involves determining whether the required information has been received, such as user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic (which can be the data field identifier or data field)), user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address). Paragraph 42 also reveals the request can include one or more constraints, which can correspond to (for example) values (e.g., to be matched or to define a range) of particular fields); and further teaches comparing the first set of data elements with the second set of data elements (paragraphs 116, 120-123, and 128-132 reveal matching the access-right characteristics received in the request against those queried in the resource status data store; recall that the request includes user-identifying information (e.g., name), access-right identifying information (e.g., identifying a resource and/or resource-access characteristic (which can be the data field identifier or data field)), user contact information (e.g., address, phone number, and/or email address), and/or user device information (e.g., type of device, device identifier, and/or IP address)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers with Volini’s teachings of the request including data elements and comparing the data elements, to provide improved control of the storage and transmission of data while preventing a malicious actor from gaining unauthorized access to the data (paragraph 3 of Volini).
The combination of Watkins in view of Volini does not teach, but Dissanayake teaches, receive, from a remote client computing device of a first data subject, a record set of data field elements and associated sensitive data of the first data subject (paragraph 71 reveals the data access network may receive, from a data provider, data records or user data elements associated with a user. Data elements may relate to sensitive data such as checking account information of a user or medical copays made by the user); wherein the request includes a first set of data elements that is a subset of the record set, identifying the sensitive data for which access is being requested (paragraph 71 reveals the data access network may receive, from a data provider, data records or user data elements associated with a user. Data elements may relate to sensitive data such as checking account information of a user or medical copays made by the user; paragraph 83 reveals receiving from a user device a request to grant authorization for a data recipient to access user information associated with the data provider. The user information may correspond to financial information of the user); compare each of the first set of data elements with the second set of data elements (paragraph 16 reveals matching data elements of the data record that match permissible data elements specified in the data directive. See also paragraph 116); and in response to the tokens matching (paragraphs 92-93 and 98-99 reveal verifying/matching the authentication token, such as a password) and the first set of data elements matching the second set of data elements (paragraph 16 reveals matching data elements of the data record that match permissible data elements specified in the data directive. See also paragraph 116), transmit the sensitive data associated with the first set of data elements to the service provider computing device (paragraph 95 reveals transmitting filtered user information to the data recipient/service provider; see also paragraph 15, which reveals the filtered data elements provided to the data recipient comprise data from the user-selected account. See also paragraphs 67, 79, and 125, wherein the data element can include an account number or account balance).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers, in view of Volini’s teachings of the request including data elements and comparing the data elements, with Dissanayake’s teachings of matching authentication tokens and data elements, to provide an improved method to selectively control access to data by efficiently analyzing the data received from the data provider and providing only data permitted by the data directive to a data recipient (paragraphs 1 and 6 of Dissanayake).
Claim(s) 3 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220027499 (hereinafter Watkins), in view of Volini et al US 20170111350 (hereinafter Volini), in further view of Dissanayake et al US 20230129541 (hereinafter Dissanayake), and in further view of Heeren et al US 20120166223 (hereinafter Heeren).
As to claim 3, the combination of Watkins in view of Volini and Dissanayake teaches all the limitations recited in claim 2 above, but does not teach the following, which Heeren teaches: wherein the error message prompts the first data subject to provide access to data fields of the second set of data fields that do not appear in the first set of data fields to the service provider (Heeren: paragraphs 37 and 46 disclose that if the data elements do not match, the organization is prompted to provide additional attributes for a second client, and the system provides access to the service when they match based on the additional attributes for the second client and not based on the first data elements).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers, in view of Volini’s teachings of the request including data field identifiers and comparing the data fields and Dissanayake’s teachings of matching authentication tokens and data elements, with Heeren’s teachings of the error message prompts and making a determination to provide data, to provide improved services for determining whether the service provider/organization is authentic for offering data sharing services (paragraphs 1 and 37 of Heeren).
As to claim 16, the combination of Watkins in view of Volini and Dissanayake teaches all the limitations recited in claim 15 above, but does not teach the following, which Heeren teaches: wherein the error message prompts the first data subject to provide access to data fields of the second set of data fields that do not appear in the first set of data fields to the service provider (Heeren: paragraphs 37 and 46 disclose that if the data elements do not match, the organization is prompted to provide additional attributes for a second client, and the system provides access to the service when they match based on the additional attributes for the second client and not based on the first data elements).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Watkins’ request and steps of comparing the subject identifiers, in view of Volini’s teachings of the request including data field identifiers and comparing the data fields and Dissanayake’s teachings of matching authentication tokens and data elements, with Heeren’s teachings of the error message prompts and making a determination to provide data, to provide improved services for determining whether the service provider/organization is authentic for offering data sharing services (paragraphs 1 and 37 of Heeren).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30am-4:00pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at (571)270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/F.F/Examiner, Art Unit 2437
/ALI S ABYANEH/Primary Examiner, Art Unit 2437