SYSTEM AND METHODS FOR MANAGING ACCESS TO A PROTECTED DATA RESOURCE

§102 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Status Applicant’s amendment overcomes the 112(b) rejections to claims 18-19. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 4, 7, 11, 14, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over West (US 20070192248 A1) in view of McMillen (US 20250245763 A1). Regarding claim 1, West teaches a computing system, comprising: a processor; and a memory coupled to the processor, the memory storing computer-executable instructions that, when executed by the processor, configure the processor to: (Fig. 1. Claim 25.) receive, via a user interface on a first computing device at a first time, an access request for accessing a specified account; (Fig. 4 and [0032]: The third-party server receives a request from the guardian to access a financial account belonging to an account owner (step 402). Claim 25: an interface within the computer system configured to receive a request from the guardian to access the financial account, wherein the financial account (e.g., a specified account) belongs to the account owner. [0015]: the financial account can include, but is not limited to: a bank account; a credit-card account; a credit report, or an investment account.) obtain data capturing account activity of the specified account prior to the first time; (Fig. 1 and [0032]: referring to FIG. 1, this authorization information can be stored (e.g., prior to the first time) in guardian profile 109, or alternatively in account-owner profile 108, or in some other data stored in database 112.) determine a first status of a first requesting account associated with the access request based on the obtained data, the first status indicating a determined relationship between the specified account and the first requesting account; and (Fig. 4 and [0031]-[0032]: First, guardian 114 sets up an account (e.g., a first requesting account) and an associated guardian profile 109 (step 320). Next, guardian 114 receives permission to access one or more accounts belonging to account owner 104 (step 322). The third-party server receives a request from the guardian to access a financial account belonging to an account owner (step 402). Next, the system determines whether the guardian is authorized the access the financial account (step 404). This can involve accessing account-specific authorization information stored locally at the third-party server. For example, referring to FIG. 1 this authorization information can be stored in guardian profile 109, or alternatively in account-owner profile 108, or in some other data stored in database 112.) configure the user interface to selectively enable account features of the specified account based on the first status of the first requesting account. (Fig. 4 and [0033]: if the guardian is authorized to access the financial account, the third-party server can provide the guardian with read-only access (e.g., selectively enable account features) to the financial account (step 408).) West does not explicitly disclose the data comprising historical records of the account activity. However, McMillen teaches the data comprising historical records of the account activity. ([0028]: the online system is able to detect potential new beneficiaries or new assets by analyzing transactional histories of the user. [0056]: The model may identify a relationship between two people based on a transaction history (e.g., allowance paid to a child), shared addresses, shared accounts, account access history, or the like. The related user may be a potential beneficiary.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West. One would have been motivated to do so because it is desirable for an improved online system for managing beneficiaries and assets of a will is configured to access transaction data related to a user; identify a person or a property based on the transaction data; present a confirmation request to the user to confirm that the person is a beneficiary of the will or that the property is an asset of the will; and add, in response to receiving a confirmation from the user, the person to a list of beneficiaries of the will, or the property to a list of assets of the will. As taught by McMillen, Abstract. Regarding claim 4, West and McMillen teach the computing system of claim 1. West teaches wherein the first status includes an indicator of probability of the determined relationship between specified account and the first requesting account. ([0026]: Guardian 114 can include any person who can monitor an account on behalf of an account owner 104. For example, account owner 104 can be a senior citizen, and guardian 114 can be an adult child (or caretaker) of the senior citizen. [0032]: referring to FIG. 1, this authorization information can be stored (e.g., prior to the first time) in guardian profile 109, or alternatively in account-owner profile 108, or in some other data stored in database 112.) Regarding claim 7, West and McMillen teach the computing system of claim 1. West teaches wherein the instructions, when executed, further configure the processor to: detect a first account activity for the specified account that is associated with the first requesting account; ([0029]: a component 208 which receives updates from account owners or guardians. [0030]: account owner 104 sets up an account and an associated account-owner profile 108. Next, account owner 104 specifies which accounts to monitor (step 302), and how to access the accounts (step 304).) determine an updated first status of the first requesting account based on the detected first account activity; and (Fig. 1 and [0032]: the system determines whether the guardian is authorized the access the financial account (step 404). This can involve accessing account-specific authorization information stored locally at the third-party server. For example, referring to FIG. 1, this authorization information can be stored (e.g., prior to the first time) in guardian profile 109, or alternatively in account-owner profile 108, or in some other data stored in database 112.) configure the user interface to selectively enable account features of the specified account in accordance with the updated first status of the first requesting account. (Fig. 4 and [0033]: if the guardian is authorized to access the financial account, the third-party server can provide the guardian with read-only access (e.g., selectively enable account features) to the financial account (step 408).) Same rationale applies to the rejection of claim 11 (method) because it is substantially similar to claim 1 (system). Same rationale applies to the rejection of claim 14 (method) because it is substantially similar to claim 4 (system). Same rationale applies to the rejection of claim 17(method) because it is substantially similar to claim 7 (system). Claim(s) 2-3, 5-6, 10, 12-13, 15-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over West (US 20070192248 A1) in view of McMillen (US 20250245763 A1), and in view of Allinson (US 20170091887 A1). Regarding claim 2, West and McMillen teach the computing system of claim 1. McMillen teaches wherein the historical records of the account activity of the specified account comprises address history identifying at least one shared address. ([0056]: identify a relationship between two people based on a transaction history (e.g., allowance paid to a child), shared addresses, shared accounts, account access history, or the like.) West and McMillen do not explicitly disclose wherein the historical records of the account activity of the specified account comprises at least one of: a list of one or more beneficiaries determined based on historical account records of savings plans associated with the specified account; a list of one or more beneficiaries of life insurance policies associated with the specified account; a list of one or more payees determined based on historical payments data of the specified account; a list of one or more joint account holders of the specified account; a set of one or more insurance documents associated with the specified account; a list of one or more co-signers of loans or mortgages associated with the specified account; travel patterns based on historical transactions data of the specified account. However, Allinson teaches wherein the data capturing the account activity of the specified account comprises at least one of: a list of one or more beneficiaries determined based on historical account records of savings plans associated with the specified account; a list of one or more beneficiaries of life insurance policies associated with the specified account; a list of one or more payees determined based on historical payments data of the specified account; a list of one or more joint account holders of the specified account; a set of one or more insurance documents associated with the specified account; a list of one or more co-signers of loans or mortgages associated with the specified account; travel patterns based on historical transactions data of the specified account. ([0003]: An individual may ensure that their beneficiaries will have access to their online accounts upon their death. In one embodiment, an indication of a number of beneficiaries that are to be granted access to a user account may be received via a graphical user interface. [0028]: The number of beneficiaries may be entered by the user, selected, or otherwise indicated via the graphical user interface. [0045]: the user account is associated with a bank account.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because Many people have wills that set forth their wishes regarding the distribution of their assets after their death. Typically, wills designate beneficiaries and the property that they will receive. However, people do not typically consider their electronic assets when drafting their wills. An individual may ensure that their beneficiaries will have access to their online accounts upon their death. In one embodiment, an indication of a number of beneficiaries that are to be granted access to a user account may be received via a graphical user interface. As taught by Allinson, [0002]-[0003]. Regarding claim 3, West and McMillen teach the computing system of claim 1. West and McMillen do not explicitly disclose wherein the access request comprises a request to log in to the specified account using the user interface. However, Allinson teaches wherein the access request comprises a request to log in to the specified account using the user interface. ([0051]-[0054]: Upon successfully verifying that the keys it has received from the beneficiaries, when combined, generate the master key for the user account, the system may provide a token or password for accessing the user account. The token or password may be provided via a graphical user interface, electronic mail, and/or another form of communication. The password or token may be provided to the beneficiaries or made available for access by the beneficiaries. Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account (e.g., log in) according to the scope of access granted to the beneficiaries.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because Many people have wills that set forth their wishes regarding the distribution of their assets after their death. Typically, wills designate beneficiaries and the property that they will receive. However, people do not typically consider their electronic assets when drafting their wills. An individual may ensure that their beneficiaries will have access to their online accounts upon their death. Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account (e.g., login) according to the scope of access granted to the beneficiaries. As taught by Allinson, [0002]-[0003] and [0054]. Regarding claim 5, West and McMillen teach the computing system of claim 1. West and McMillen do not explicitly disclose wherein the instructions, when executed, further configure the processor to generate recommendations of user rights for the first requesting account based on the first status. However, Allinson teaches wherein the instructions, when executed, further configure the processor to generate recommendations of user rights for the first requesting account based on the first status. ([0045]: The various possible access scopes that are available may vary with the type of user account. For example, where the user account is an electronic mail account, the possible access scopes may include read access and read/write access. As another example, where the user account is associated with a bank account, the possible access scopes may include deposit, withdraw, check writing, and view balance. [0051]-[0054]: Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account according to the scope of access granted to the beneficiaries.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because Many people have wills that set forth their wishes regarding the distribution of their assets after their death. Typically, wills designate beneficiaries and the property that they will receive. However, people do not typically consider their electronic assets when drafting their wills. An individual may ensure that their beneficiaries will have access to their online accounts upon their death. The user may also indicate a scope of access to the user account that the user wishes to be granted to his or her beneficiaries after his or her death. Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account (e.g., login) according to the scope of access granted to the beneficiaries. As taught by Allinson, [0002]-[0003], [0032], and [0054]. Regarding claim 6, West and McMillen teach the computing system of claim 1. West and McMillen do not explicitly disclose wherein the instructions, when executed, further configure the processor to determine a mapping between relationship indicators and user rights in connection with the specified account, wherein the first status of the first requesting account is determined based on the mapping. However, Allinson teaches wherein the instructions, when executed, further configure the processor to determine a mapping between relationship indicators and user rights in connection with the specified account, wherein the first status of the first requesting account is determined based on the mapping. ([0032]: the user may also indicate a scope of access to the user account that the user wishes to be granted to his or her beneficiaries after his or her death. More particularly, the system may receive, via a graphical user interface, an indication of an access scope to be provided to the beneficiaries that are granted access to the user account. [0051]-[0054]: Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account according to the scope of access granted to the beneficiaries.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because Many people have wills that set forth their wishes regarding the distribution of their assets after their death. Typically, wills designate beneficiaries and the property that they will receive. However, people do not typically consider their electronic assets when drafting their wills. An individual may ensure that their beneficiaries will have access to their online accounts upon their death. The user may also indicate a scope of access to the user account that the user wishes to be granted to his or her beneficiaries after his or her death. Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account (e.g., login) according to the scope of access granted to the beneficiaries. As taught by Allinson, [0002]-[0003], [0032], and [0054]. Regarding claim 10, West and McMillen teach the computing system of claim 1. West and McMillen do not explicitly disclose wherein configuring the user interface to selectively enable account features of the specified account comprises: determining a set of permitted account features for the first requesting account; and enabling only those user interface elements associated with the permitted account features on the user interface. However, Allinson teaches wherein configuring the user interface to selectively enable account features of the specified account comprises: determining a set of permitted account features for the first requesting account; and enabling only those user interface elements associated with the permitted account features on the user interface. ([0032]: the user may also indicate a scope of access to the user account that the user wishes to be granted to his or her beneficiaries after his or her death. More particularly, the system may receive, via a graphical user interface, an indication of an access scope to be provided to the beneficiaries that are granted access to the user account. [0051]-[0054]: Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account according to the scope of access granted to the beneficiaries.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because Many people have wills that set forth their wishes regarding the distribution of their assets after their death. Typically, wills designate beneficiaries and the property that they will receive. However, people do not typically consider their electronic assets when drafting their wills. An individual may ensure that their beneficiaries will have access to their online accounts upon their death. The user may also indicate a scope of access to the user account that the user wishes to be granted to his or her beneficiaries after his or her death. Once the beneficiaries have the password or token, any of the beneficiaries may independently access the user account (e.g., login) according to the scope of access granted to the beneficiaries. As taught by Allinson, [0002]-[0003], [0032], and [0054]. Same rationale applies to the rejection of claim 12 (method) because it is substantially similar to claim 2 (system). Same rationale applies to the rejection of claim 13 (method) because it is substantially similar to claim 3 (system). Same rationale applies to the rejection of claim 15 (method) because it is substantially similar to claim 5 (system). Same rationale applies to the rejection of claim 16 (method) because it is substantially similar to claim 6 (system). Same rationale applies to the rejection of claim 20 (method) because it is substantially similar to claim 10 (system). Claim(s) 8-9 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over West (US 20070192248 A1) in view of McMillen (US 20250245763 A1), and in view of Raj (US 20110238553 A1). Regarding claim 8, West and McMillen teach the computing system of claim 7. West and McMillen do not explicitly disclose wherein determining the updated first status of the first requesting account comprises determining that a frequency of the first account activity exceeds a defined threshold value However, Raj teaches wherein determining the updated first status of the first requesting account comprises determining that a frequency of the first account activity exceeds a defined threshold value ([0065]: an initial transfer condition (e.g., exceeds a defined threshold) may be to validate or authenticate the beneficiary prior to the funds being transferred out of escrow (or the provider account). For example, the beneficiary may provide the GUID to the distribution partner agent or enter the GUID into a terminal that is communicatively connected to the host device. The GUID or other identifying data of the beneficiary that is then compared by the host device 120 or a third party and matched against identifiers of corresponding authorized beneficiaries. If a match is found, the beneficiary is authorized to activate the account and access the corresponding transferred funds.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because an initial transfer condition may be to validate or authenticate the beneficiary prior to the funds being transferred out of escrow (or the provider account). The GUID or other identifying data of the beneficiary that is then compared by the host device or a third party and matched against identifiers of corresponding authorized beneficiaries. If a match is found, the beneficiary is authorized to activate the account and access the corresponding transferred funds. As taught by Raj, [0065]. Regarding claim 9, West and McMillen teach the computing system of claim 7. West and McMillen do not explicitly disclose wherein the first account activity comprises a transfer of data from the specified account to a first account of the first requesting account. However, Raj teaches wherein the first account activity comprises a transfer of data from the specified account to a first account of the first requesting account. ([0065]: an initial transfer condition may be to validate or authenticate the beneficiary prior to the funds being transferred out of escrow (or the provider account). For example, the beneficiary may provide the GUID to the distribution partner agent or enter the GUID into a terminal that is communicatively connected to the host device. The GUID or other identifying data of the beneficiary that is then compared by the host device 120 or a third party and matched against identifiers of corresponding authorized beneficiaries. If a match is found, the beneficiary is authorized to activate the account and access the corresponding transferred funds.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include above limitation into West and McMillen. One would have been motivated to do so because an initial transfer condition may be to validate or authenticate the beneficiary prior to the funds being transferred out of escrow (or the provider account). The GUID or other identifying data of the beneficiary that is then compared by the host device or a third party and matched against identifiers of corresponding authorized beneficiaries. If a match is found, the beneficiary is authorized to activate the account and access the corresponding transferred funds. As taught by Raj, [0065]. Same rationale applies to the rejection of claim 18 (method) because it is substantially similar to claim 8 (system). Same rationale applies to the rejection of claim 19 (method) because it is substantially similar to claim 9 (system). Response to Arguments Applicant's arguments, see pages 7-10, filed 02/13/2026, with respect to the rejection(s) of claims 1-20 under 35 U.S.C. § 102 and 35 U.S.C. § 103 have been fully considered but are moot in view of new ground(s) of rejection. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZI YE whose telephone number is (571)270-1039. The examiner can normally be reached Monday - Friday, 8:00am - 4:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 5712723865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ZI YE/Primary Examiner, Art Unit 2455