DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined.
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Andrade U.S. 2018/0343120 (hereinafter Andrade) in view of Gross et al. U.S. 2025/0131994 (hereinafter Gross) and further in view of Gonzales, Jr. U.S. 2023/0122875 (hereinafter Gonzales).
As per claim 1, 12 and 20, Andrade discloses a method/system/medium of providing protected personal data management using a permissioned blockchain, the system comprising a communication interface; a memory; and one or more processors communicatively coupled with the communication interface and the memory, the one or more processors configured to (Andrade: Fig. 1):
Receiving, via the communication interface, a request to provide management of personal data of a user (Andrade: [0018]-[0019]: receiving verified first document from a first entity to establish pre-authorized and agreed-to in advance smart contract for managing personal data; [0095]-[0100]: registering entities and allow management of personal data through cross-verification);
responsive to receiving the request, securely obtaining the personal data from the user, the personal data comprising one or more items of information personal to the user (Andrade: [0034]-[0035]);
validating the one or more items of information based on executing the one or more validation conditions of the smart contract, wherein validating comprises verifying the one or more items of information with one or more verifying entities (Andrade: [0042]: verify document supported based on evidence provided by a third party or entities; [0099]-[0100]);
enabling the user to enter into a smart contract, wherein the smart contract establishes conditions for one or more authenticated entities to access at least a portion of the one or more items of information of the personal data via the permissioned blockchain (Andrade: [0109]: entity A specifies condition in smart contract to authorize access by entity B; [0040]: implementation using permissioned blockchain); and
appending the smart contract to the permissioned blockchain (Andrade: [0115]-[0117]: record the smart contract and enforce terms of access).
Andrade does not explicitly disclose identifying or selecting a smart contract that defines one or more validation conditions, storing at least a portion of the personal data in a secure temporary holding location pending validation of the one or more items of information, and validating the one or more items of information based on executing the one or more validation conditions of the smart contract, wherein validating comprises verifying the one or more items of information with one or more verifying entities; responsive to successful validation, appending at least a portion of the personal data to the permissioned blockchain. However, Gross discloses receiving request to store personal data associated with user in blockchain, store the received data into a “temporary storage” before validation is completed, and store the data into blockchain when validation conditions are satisfied (Gross: [0068]: “temporary storage” for non-validated data until authority server validates a threshold number of certificates; [0069]-[0075]: evaluate validation conditions to determine sufficient number of validations are satisfied depending on the type of data, update blockchain upon successful validation, i.e. by physician, researcher, etc.). It would have been obvious to one having ordinary skill in the art to hold data in buffer or secure temporary storage before committing the data into blockchain because they are analogous art. The motivation to combine would be to ensure authenticity of data and protect data pending data validation.
Andrade as modified discloses establishing smart contract to govern access to user data. Andrade does not explicitly disclose in detail about establishing smart contract in a permissioned blockchain to regulate storing and access to personal user information. However, Gonzales discloses create smart contract in blockchain to control access to authorized parties (Gonzales: [0008]-[0011]; [0110]: authorized access blockchain establishes smart contract to determine which platform is authorized to access specific personal information). It would have been obvious to one having ordinary skill in the art to establish conditions via smart contract to automatically control access to personal data according user specified condition, as well known in the art.
As per claim 2 and 13, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade further discloses granting an authenticated entity access to the at least a portion of the one or more items of information of the personal data via the permissioned blockchain, in accordance with the smart contract (Andrade: [0025]-[0027]: permissioned blockchain using smart contract to manage access; [0086]: providing different levels of access to authenticated entities).
As per claim 3, Andrade as modified discloses the method of claim 1. Andrade further discloses wherein the request further includes authentication information of the user (Andrade: [0004]-[0008]).
As per claim 4 and 14, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade further discloses wherein receiving the request, obtaining the personal data from the user, enabling the user to enter into the smart contract, or any combination thereof, is/are performed over an encrypted communication session between a server and a user device (Andrade: [0017]: encrypted communications).
As per claim 5 and 15, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade further discloses comprising establishing multi-factor authentication with the user for accessing the permissioned blockchain (Andrade: [0054]: multi-factor personal identity verification).
As per claim 6 and 16, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade further discloses sharing a cryptographic key for the smart contract with a user device (Andrade: [0115]).
As per claim 7 and 17, Andrade as modified discloses the limitations of claims 6 and 16 respectively. Andrade further discloses wherein the cryptographic key is periodically updated, uses information obtained from subscriber authentication, or any combination thereof (Andrade: [0113]-[0115]: smart contract signed with user’s private key).
As per claim 8, Andrade as modified discloses the method of claim 1. Andrade further discloses wherein the smart contract further establishes credentials for the one or more authenticated entities to access the at least a portion of the one or more items of information of the personal data (Andrade: [0086]-[0087]: different levels of access).
As per claim 9 and 18, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade further discloses providing the user with a list of regulatory entities, business entities, or both, that may have personal data records of the user (Andrade: Fig. 3; [0096]-[0100]).
As per claim 10 and 19, Andrade as modified discloses the limitations of claims 1 and 12 respectively. Andrade as modified further discloses enabling the user to modify permissions of one or more of the authenticated entities for accessing the at least a portion of the one or more items of information of the personal data (Gonzales: [0040]: add or modify authorized access data). It would have been obvious to one having ordinary skill in the art to allow modification to permission data in smart contract to adjust to changing circumstances.
As per claim 11, Andrade as modified discloses the method of claim 1. Andrade as modified further discloses enabling the user to remove at least a portion of the one or more of the authenticated entities from the smart contract (Gonzales: [0040]: add or modify authorized access data). It would have been obvious to one having ordinary skill in the art to allow modification to permission data in smart contract to adjust to changing circumstances.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431