Prosecution Insights
Last updated: April 17, 2026
Application No. 18/723,533

A CLOUD-BASED ERP SYSTEM FOR SECURE DATA EXCHANGE BETWEEN ENTITIES

Non-Final OA §101§102§103
Filed
Jun 24, 2024
Examiner
LADONI, AHOORA
Art Unit
3689
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
unknown
OA Round
1 (Non-Final)
0%
Grant Probability
At Risk
1-2
OA Rounds
3y 0m
To Grant
0%
With Interview

Examiner Intelligence

Grants only 0% of cases
0%
Career Allow Rate
0 granted / 13 resolved
-52.0% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
30 currently pending
Career history
43
Total Applications
across all art units

Statute-Specific Performance

§101
36.8%
-3.2% vs TC avg
§103
39.6%
-0.4% vs TC avg
§102
15.7%
-24.3% vs TC avg
§112
6.0%
-34.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 13 resolved cases

Office Action

§101 §102 §103
DETAILED ACTION Status of Claims Claims 1-16 submitted on 06/24/2024 are pending and have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority Acknowledgement is made of applicant’s claim for foreign priority under 35 U.S.C. 119(a)-(d). The certified copy has been filed in parent application No. IN202141060251, filed on 12/23/2021. Acknowledgement is made of applicant’s claim for a 371 of international application. The certified copy has been filed in application No. PCT/IB2022/062742, filed on 12/23/2022. Claim Objections Claim 13 is objected to because of the following informalities: Claim 13 recites “first entity is an authorized user of the ERP system” on page 3 of the claims submitted on 06/24/2024. This is a typographical error as an ERP system is not previously recited in the claim. For purposes of compact prosecution, Examiner will interpret the limitation as “… first entity is an authorized user of an ERP system.” Appropriate correction is required. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception without significantly more. The claims recite an abstract idea. This judicial exception is not integrated into a practical application. The claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Step 1 Claims 1-8 are directed to a process, claims 9-12 are directed to a machine, and claims 13-16 are directed to an article of manufacture (see MPEP 2106.03). Step 2A, Prong 1 Claim 1, taken as representative, recites at least the following limitations that recite an abstract idea: a method for secure data exchange between entities, the method being performed, the method comprising: sending on behalf of a first entity, to a second entity, wherein the first entity is an authorized user and the second entity is an unauthorized user; receiving an indication that has been selected by the second entity; verifying, in response to the indication, the second entity; and facilitating the second entity to either view a first data or add a second data. The above limitation, under its broadest reasonable interpretation, falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas, enumerated in MPEP 2106.04(a)(2)(II), in that it recites a commercial interaction, see ¶¶0004-0006 of the instant specification. Claims 9 and 13 recites similar limitations as claim 1. Thus, under Prong 1 of Step 2A, claims 1, 9, and 13 recite an abstract idea. Step 2A, Prong 2 Claim 1 includes the following additional elements that are bolded: a method for secure data exchange between entities, the method being performed by an Enterprise Resource Planning (ERP) system, the method comprising: sending on behalf of a first entity, a link to a second entity, wherein the first entity is an authorized user of the ERP system and the second entity is an unauthorized user of the ERP system; receiving an indication that the link has been selected by the second entity in an end user system; verifying, in response to the indication, the second entity based on the link; and facilitating the second entity to either view a first data stored in the ERP system or add a second data to the ERP system. Claims 9 and 13 include the same additional elements as claim 1. In addition, claim 13 includes additional elements such as a non-transitory machine-readable medium storing one or more sequences of instructions for secure data exchange between entities, wherein execution of said one or more instructions by one or more processors contained in a digital processing system causes said digital processing system to perform the actions of. The additional elements recited in claims 1, 9, and 13 merely invoke such elements as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment of digital processing systems (see MPEP 2106.05(f) and MPEP 2106.05(h). These additional elements are described at a high level in Applicant’s specification without any meaningful detail about their structure or configuration (see Fig. 5 and ¶0064). As such, under Prong 2 of Step 2A, when considered both individually and as a whole, the additional elements do not integrate the judicial exception into a practical application and, thus, claims 1, 9, and 13 are directed to an abstract idea. Step 2B As noted above, while the recitation of the additional elements in independent claims 1, 9, and 13 are acknowledged, claims 1, 9, and 13 merely invoke such additional elements as a tool to perform the abstract idea and generally link the use of the abstract idea to a particular technological environment (see MPEP 2106.05(f) and MPEP 2106.05(h)). Even when considered as an ordered combination, the additional elements of claim 1, 9, and 13 do not add anything that is not already present when they are considered individually. Therefore, under Step 2B, there are no meaningful limitations in claims 1, 9, and 13 that transform the judicial exception into a patent eligible application such that the claims amount to significantly more than the judicial exception itself (see MPEP 2106.05). As such, independent claims 1, 9, and 13 are ineligible. Dependent claims 3, 4, 6, 8, 11, 12, 15, and 16 when analyzed as a whole, are held to be patent ineligible under 35 U.S.C. 101 because they do not add “significantly more” to the abstract idea. More specifically, dependent claims 3, 4, 6, 8, 11, 12, 15, and 16 merely further define the abstract limitations of claims 1, 9, and 13 or provide further embellishments of the limitations recited in independent claims 1, 9, and 13. Claims 3, 4, 6, 8, 11, 12, 15, and 16 do not introduce any further additional elements. Thus, dependent claims 3, 4, 6, 8, 11, 12, 15, and 16 are ineligible. Furthermore, it is noted that certain dependent claims recite additional elements supplemental to those recited in independent claims 1, 9, and 13: a uniform resource locator (URL) (claims 2, 10, and 14) and a user interface to be displayed (claims 5 and 7). However, these elements do not integrate the abstract idea into a practical application because they merely amount to using a computer to apply the abstract idea to a particular technological environment or field of use and thus do not act to integrate the abstract idea into a practical application of the abstract idea. Additionally, the additional elements do not amount to significantly more because they merely amount to using a computer to apply the abstract idea and amount to no more than a general link of the use of the abstract idea to a particular technological environment. Thus, dependent claims 2, 5, 7, 10, and 14 are ineligible. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1, 5, 7, 9, and 13 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chang et al. (US 2019/0286827 A1). Regarding Claim 1, Chang et al., hereinafter, Chang, discloses a method for secure data exchange between entities, the method being performed by an Enterprise Resource Planning (ERP) system, the method comprising (Fig. 3; ¶0025[The process shown in FIG. 3 can be used, for example, to share a cloud drive generated by the process shown in FIG. 2 to a recipient. At operation 362, a user operating user computing device 310 may log onto remote storage management system 350 (if not already logged on), and request remote storage management system 350 to share a cloud drive created under the user's account. In some embodiments, the user may select one or more cloud drives from a list of the user's cloud drives to share]): sending on behalf of a first entity, a link to a second entity, wherein the first entity is an authorized user of the ERP system and the second entity is an unauthorized user of the ERP system (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]); receiving an indication that the link has been selected by the second entity in an end user system (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]); verifying, in response to the indication, the second entity based on the link (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]); and facilitating the second entity to either view a first data stored in the ERP system or add a second data to the ERP system (¶0040[The user may also set the read/write permissions of the recipient for the cloud drive to indicate whether the recipient can only view the files in the cloud drive or can modify the files in the cloud drive. The access link can be configured to provide the proper access to the recipient.]). Regarding Claim 5, Chang discloses the method of claim 1, Chang further discloses wherein the facilitating comprises: providing a user interface to be displayed to the second entity on the end user system, wherein the user interface includes the first data thereby enabling the second entity to view the first data (Fig. 1; ¶0040[The user may also set the read/write permissions of the recipient for the cloud drive to indicate whether the recipient can only view the files in the cloud drive or can modify the files in the cloud drive.] in view of ¶0013[Computing device 110 may include a communication interface 112, a processor 114, a computer readable storage element 116, and a user interface 118… User interface 118 may include one or more elements for receiving input from a user and providing outputs to the user. For example, user interface 118 may include a keypad, a display, a touch screen, etc., or a combination thereof.]). Regarding Claim 7, Chang discloses the method of claim 1, Chang further discloses wherein the facilitating comprises: providing a user interface to be displayed to the second entity on the end user system (Fig. 1; ¶0040[The user may also set the read/write permissions of the recipient for the cloud drive to indicate whether the recipient can only view the files in the cloud drive or can modify the files in the cloud drive.] in view of ¶0013[Computing device 110 may include a communication interface 112, a processor 114, a computer readable storage element 116, and a user interface 118… User interface 118 may include one or more elements for receiving input from a user and providing outputs to the user. For example, user interface 118 may include a keypad, a display, a touch screen, etc., or a combination thereof.]); receiving from the end user system, the second data specified by the second entity using the user interface (Fig. 5; ¶0001[Such services allow users to view or access uploaded files from different devices, and may allow different users to access and modify the same uploaded file in a collaborative environment.] in view of ¶0040); and storing the second data in the ERP system thereby enabling the second entity to add the second data to the ERP system (¶0038[Any modifications made to the local copy can be reflected at the source of the file. In other words, changes made to the local copy of the file at the user computing device can be reflected at the file stored at the corresponding remote storage system.]). Regarding Claim 9, Chang discloses a system for secure data exchange between entities, the system comprising: an end-user system operable to be used by a second entity (Fig. 3; ¶0025[The process shown in FIG. 3 can be used, for example, to share a cloud drive generated by the process shown in FIG. 2 to a recipient. At operation 362, a user operating user computing device 310 may log onto remote storage management system 350 (if not already logged on), and request remote storage management system 350 to share a cloud drive created under the user's account. In some embodiments, the user may select one or more cloud drives from a list of the user's cloud drives to share]); an ERP system operable to: sending on behalf of a first entity, a link to the second entity, wherein the first entity is an authorized user of the ERP system and the second entity is an unauthorized user of the ERP system (Figs. 1 and 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]); receiving an indication that the link has been selected by the second entity in the end user system (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]); verifying, in response to the indication, the second entity based on the link (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]); and facilitating the second entity to either view a first data stored in the ERP system or add a second data to the ERP system (¶0040[The user may also set the read/write permissions of the recipient for the cloud drive to indicate whether the recipient can only view the files in the cloud drive or can modify the files in the cloud drive. The access link can be configured to provide the proper access to the recipient.]). Regarding Claim 13, Chang discloses a non-transitory machine-readable medium storing one or more sequences of instructions for secure data exchange between entities, wherein execution of said one or more instructions by one or more processors contained in a digital processing system causes said digital processing system to perform the actions of (Fig. 6; ¶¶0044-0045[A processing unit can include one or more of a general purpose or specialized microprocessor, FPGA, DSP, or other processor. In some embodiments, a processing unit can be a single core or multicore processor… storage subsystem 610 can include system memory 612 which can include various forms of non-transitory computer readable storage media, including volatile (e.g., RAM, DRAM, cache memory, etc.) and non-volatile (flash memory, ROM, EEPROM, etc.) memory]): sending on behalf of a first entity, a link to the second entity, wherein the first entity is an authorized user of an ERP system and the second entity is an unauthorized user of the ERP system (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]); receiving an indication that the link has been selected by the second entity in the end user system (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]); verifying, in response to the indication, the second entity based on the link (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]); and facilitating the second entity to either view a first data stored in the ERP system or add a second data to the ERP system (¶0040[The user may also set the read/write permissions of the recipient for the cloud drive to indicate whether the recipient can only view the files in the cloud drive or can modify the files in the cloud drive. The access link can be configured to provide the proper access to the recipient.]). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 2, 10, and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chang in view of Meyerson et al. (US 2005/0086683 A1). Regarding Claim 2, Chang discloses the method of claim 1, Chang further discloses wherein the link is an Uniform Resource Locator (URL) (¶0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive.]), wherein causes the indication to be sent to the ERP system when the link is selected by the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]), wherein is used for verifying the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]). Although Chang discloses a URL link, Chang does not explicitly disclose a URL containing a first part and a second part wherein the first part causes an indication to be sent and the second part is used for verification. However, Meyerson et al., hereinafter, Meyerson, teaches. (Fig. 7; ¶¶0046-0050[the qualification specification is third-party specific and may specify how one or more tokens or identifiers are to be generated such that a third-party may independently validate a token when received as part of a media resource request… For example, if a media resource request including a URL such as “start.real.com/rd?pid=CNN—222&URL=foo.smi” were to be received by server 702, where “CNN—222” represents a content/partner identifier and “foo.smi” represents the requested media resource, server 702 may access table 600 using “CNN—222” to identify a host address of “media.cnn.com” for the requested media resource. Thereafter, server 702 may generate a response including a URL such as “rtsp://media.cnn.com/foo.smi” or “http://media.cnn.com/foo.smi” depending e.g. upon whether the requested media resource is to be streamed to the requestor. The URL may further include a token generated in accordance with a qualification specification determined based on the identified “media.cnn.com” host address. As described above, the token may include a variety of attributes including content control attributes to indicate to the third-party whether the user has authorized a class of content associated with the requested media resource (e.g. as determined by the “CNN—222” content identifier) to be delivered to the requester]) The method of Meyerson is applicable to the method of Chang as they share characteristics and capabilities, namely, they are both targeted to sharing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a first and second part used for indicating access and verification as taught by Meyerson. One of ordinary skill in the art would have been motivated to expand the method of Chang in order to control user access to digital content (¶0006). Regarding Claim 10, Chang discloses the system of claim 9, Chang further discloses wherein the link is an Uniform Resource Locator (URL) (¶0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive.]), wherein causes the indication to be sent to the ERP system when the link is selected by the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]), wherein is used for verifying the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]). Although Chang discloses a URL link, Chang does not explicitly disclose a URL containing a first part and a second part wherein the first part causes an indication to be sent and the second part is used for verification. However, Meyerson teaches. (Fig. 7; ¶¶0046-0050[the qualification specification is third-party specific and may specify how one or more tokens or identifiers are to be generated such that a third-party may independently validate a token when received as part of a media resource request… For example, if a media resource request including a URL such as “start.real.com/rd?pid=CNN—222&URL=foo.smi” were to be received by server 702, where “CNN—222” represents a content/partner identifier and “foo.smi” represents the requested media resource, server 702 may access table 600 using “CNN—222” to identify a host address of “media.cnn.com” for the requested media resource. Thereafter, server 702 may generate a response including a URL such as “rtsp://media.cnn.com/foo.smi” or “http://media.cnn.com/foo.smi” depending e.g. upon whether the requested media resource is to be streamed to the requestor. The URL may further include a token generated in accordance with a qualification specification determined based on the identified “media.cnn.com” host address. As described above, the token may include a variety of attributes including content control attributes to indicate to the third-party whether the user has authorized a class of content associated with the requested media resource (e.g. as determined by the “CNN—222” content identifier) to be delivered to the requester]) The system of Meyerson is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to sharing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a first and second part used for indicating access and verification as taught by Meyerson. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to control user access to digital content (¶0006). Regarding Claim 14, Chang discloses the non-transitory machine-readable medium of claim 13, Chang further discloses wherein the link is an Uniform Resource Locator (URL) (¶0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive.]), wherein causes the indication to be sent to the ERP system when the link is selected by the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.]), wherein is used for verifying the second entity (¶0028[The user may navigate the directory structure of the cloud drive and attempt to open or access a selected file in the cloud drive. In response to the selection of the file, at operation 462, recipient computing device 420 may send a request to remote storage management system 450 to access the file. In response to the request, remote storage management system 450 may determine the source of the selected file and identify remote storage system 430 as the storage system storing the requested file.] in view of ¶0041[The remote storage management system may verify the access link and the access permissions for the recipient, and present a directory structure representing the cloud drive on the recipient computing device.]). Although Chang discloses a URL link, Chang does not explicitly disclose a URL containing a first part and a second part wherein the first part causes an indication to be sent and the second part is used for verification. However, Meyerson teaches. (Fig. 7; ¶¶0046-0050[the qualification specification is third-party specific and may specify how one or more tokens or identifiers are to be generated such that a third-party may independently validate a token when received as part of a media resource request… For example, if a media resource request including a URL such as “start.real.com/rd?pid=CNN—222&URL=foo.smi” were to be received by server 702, where “CNN—222” represents a content/partner identifier and “foo.smi” represents the requested media resource, server 702 may access table 600 using “CNN—222” to identify a host address of “media.cnn.com” for the requested media resource. Thereafter, server 702 may generate a response including a URL such as “rtsp://media.cnn.com/foo.smi” or “http://media.cnn.com/foo.smi” depending e.g. upon whether the requested media resource is to be streamed to the requestor. The URL may further include a token generated in accordance with a qualification specification determined based on the identified “media.cnn.com” host address. As described above, the token may include a variety of attributes including content control attributes to indicate to the third-party whether the user has authorized a class of content associated with the requested media resource (e.g. as determined by the “CNN—222” content identifier) to be delivered to the requester]) The system of Meyerson is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to sharing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a first and second part used for indicating access and verification as taught by Meyerson. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to control user access to digital content (¶0006). Claim(s) 3, 11, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chang in view of Brothers et al. (US 2002/0083178 A1). Regarding Claim 3, Chang discloses the method of claim 1, Chang further discloses wherein the first entity is enabled to specify the second entity is allowed to select the link (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]), wherein the ERP system maintains when the indication is received (Fig. 1; ¶0016[Data storage element 138 can be used to store data uploaded by users, and metadata indicating one or more characteristics, attributes, and/or properties of the data (e.g., date and/or time of creation, date and/or time of last modification, author, version, title, file type, encoding algorithm, classification information, tags, data source, size information such as memory size, pixel count, number of words, lines, paragraphs, resolution, etc.).]), wherein the verifying and the facilitating is performed only when the time is less than or equal to the expiration time (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]). Although Chang discloses a link access expiration time, Chang does not explicitly disclose specifying a maximum count of the times the entity is allowed access to the link, a running count of the times when access indication is received, and accessing only when the running count is less than the maximum count. However, Brothers et al., hereinafter, Brothers, teaches a running count of times an access occurs and a maximum count of times that access can occur (¶0147[This field represents the maximum number of times a user and/or WAD may access a resource. The web server 30 can track the number of accesses made by the WAD, in which case the maximum reference data can be transmitted in a secure URL from the web server 24 to the web server 30 via the WAD 12. Alternatively, the web server 24 can track the number of accesses to the resource by the WAD by the web server 30 notifying the web server 24 each time the WAD seeks access to the resource. The web servers 24 and/or 30 can store this data along with reference count data that is initially set to "0" and incremented each time the WAD 12 accesses the resource. If the web servers 24 and/or 30 determine that the WAD 12 has exceeded the maximum number of permitted accesses to the resource, such web servers can be programmed to prohibit the WAD 12 from further accessing the resource. The web servers 24 and/or 30 can perform this function by tracking the number of accesses to the resource using a particular secure URL.] in view of ¶0020[The retrieved resource access right data can include maximum reference data and reference count data. The seventh method can further comprise incrementing the reference count data to indicate that access to the resource has been requested by the request signal, comparing the incremented reference count data with the maximum reference count data, and providing access to the resource if the comparing indicates that the incremented reference count data does not exceed the maximum reference count data.]). The method of Brothers is applicable to the method of Chang as they share characteristics and capabilities, namely, they are both targeted to accessing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include counting the times that access occurs as taught by Brothers. One of ordinary skill in the art would have been motivated to expand the method of Chang in order to determine the rights the WAD and/or user thereof has with respect to the resource (Abstract). Regarding Claim 11, Chang discloses the system of claim 9, Chang further discloses wherein the first entity is enabled to specify the second entity is allowed to select the link (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]), wherein the ERP system maintains when the indication is received (Fig. 1; ¶0016[Data storage element 138 can be used to store data uploaded by users, and metadata indicating one or more characteristics, attributes, and/or properties of the data (e.g., date and/or time of creation, date and/or time of last modification, author, version, title, file type, encoding algorithm, classification information, tags, data source, size information such as memory size, pixel count, number of words, lines, paragraphs, resolution, etc.).]), wherein the verifying and the facilitating is performed only when the time is less than or equal to the expiration time (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]). Although Chang discloses a link access expiration time, Chang does not explicitly disclose specifying a maximum count of the times the entity is allowed access to the link, a running count of the times when access indication is received, and accessing only when the running count is less than the maximum count. However, Brothers teaches a running count of times an access occurs and a maximum count of times that access can occur (¶0147[This field represents the maximum number of times a user and/or WAD may access a resource. The web server 30 can track the number of accesses made by the WAD, in which case the maximum reference data can be transmitted in a secure URL from the web server 24 to the web server 30 via the WAD 12. Alternatively, the web server 24 can track the number of accesses to the resource by the WAD by the web server 30 notifying the web server 24 each time the WAD seeks access to the resource. The web servers 24 and/or 30 can store this data along with reference count data that is initially set to "0" and incremented each time the WAD 12 accesses the resource. If the web servers 24 and/or 30 determine that the WAD 12 has exceeded the maximum number of permitted accesses to the resource, such web servers can be programmed to prohibit the WAD 12 from further accessing the resource. The web servers 24 and/or 30 can perform this function by tracking the number of accesses to the resource using a particular secure URL.] in view of ¶0020[The retrieved resource access right data can include maximum reference data and reference count data. The seventh method can further comprise incrementing the reference count data to indicate that access to the resource has been requested by the request signal, comparing the incremented reference count data with the maximum reference count data, and providing access to the resource if the comparing indicates that the incremented reference count data does not exceed the maximum reference count data.]). The system of Brothers is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to accessing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include counting the times that access occurs as taught by Brothers. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to determine the rights the WAD and/or user thereof has with respect to the resource (Abstract). Regarding Claim 15, Chang discloses the non-transitory machine-readable medium of claim 13, Chang further discloses wherein the first entity is enabled to specify the second entity is allowed to select the link (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]), wherein the ERP system maintains when the indication is received (Fig. 1; ¶0016[Data storage element 138 can be used to store data uploaded by users, and metadata indicating one or more characteristics, attributes, and/or properties of the data (e.g., date and/or time of creation, date and/or time of last modification, author, version, title, file type, encoding algorithm, classification information, tags, data source, size information such as memory size, pixel count, number of words, lines, paragraphs, resolution, etc.).]), wherein the verifying and the facilitating is performed only when the time is less than or equal to the expiration time (¶0040[In some embodiment, the access link can also be associated with an expiration time after which the access link cannot be used to access the cloud drive, and the expiration time can be set differently for different recipients.]). Although Chang discloses a link access expiration time, Chang does not explicitly disclose specifying a maximum count of the times the entity is allowed access to the link, a running count of the times when access indication is received, and accessing only when the running count is less than the maximum count. However, Brothers teaches a running count of times an access occurs and a maximum count of times that access can occur (¶0147[This field represents the maximum number of times a user and/or WAD may access a resource. The web server 30 can track the number of accesses made by the WAD, in which case the maximum reference data can be transmitted in a secure URL from the web server 24 to the web server 30 via the WAD 12. Alternatively, the web server 24 can track the number of accesses to the resource by the WAD by the web server 30 notifying the web server 24 each time the WAD seeks access to the resource. The web servers 24 and/or 30 can store this data along with reference count data that is initially set to "0" and incremented each time the WAD 12 accesses the resource. If the web servers 24 and/or 30 determine that the WAD 12 has exceeded the maximum number of permitted accesses to the resource, such web servers can be programmed to prohibit the WAD 12 from further accessing the resource. The web servers 24 and/or 30 can perform this function by tracking the number of accesses to the resource using a particular secure URL.] in view of ¶0020[The retrieved resource access right data can include maximum reference data and reference count data. The seventh method can further comprise incrementing the reference count data to indicate that access to the resource has been requested by the request signal, comparing the incremented reference count data with the maximum reference count data, and providing access to the resource if the comparing indicates that the incremented reference count data does not exceed the maximum reference count data.]). The system of Brothers is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to accessing content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include counting the times that access occurs as taught by Brothers. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to determine the rights the WAD and/or user thereof has with respect to the resource (Abstract). Claim(s) 4, 12, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chang in view of Nichols et al. (US 2009/0177517 A1). Regarding Claim 4, Chang discloses the method of claim 1, Chang further discloses wherein the first entity is enabled to specify to be sent to the second entity (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]), wherein the ERP system sends to the second entity the first data is viewed by the second entity or until the second data is added to the ERP system (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]). Although Chang discloses sending an access link to an entity, Chang does not explicitly disclose specifying a periodic alert and sending the periodic alerts to an entity until data is viewed. However, Nichols et al., hereinafter, Nichols, teaches specifying periodic alerts to occurs until an action is performed (¶0037[Contract tracking tool 102 may also determine a reminder threshold and reminder frequency based on the current date and the contract signature due date. If a particular approver, for example, first approver 121, does not take action for a time period longer than the reminder threshold, contract tracking tool 102 may send electronic reminders to first approver 121 at the determined reminder frequency (e.g., once a day) until an action is taken.]). The method of Nichols is applicable to the method of Chang as they share characteristics and capabilities, namely, they are both targeted to tracking content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a periodic alert to access content as taught by Nichols. One of ordinary skill in the art would have been motivated to expand the method of Chang in order to track a contract from a contract administrator (Abstract). Regarding Claim 12, Chang discloses the system of claim 9, Chang further discloses wherein the first entity is enabled to specify to be sent to the second entity (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]), wherein the ERP system sends to the second entity the first data is viewed by the second entity or until the second data is added to the ERP system (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]). Although Chang discloses sending an access link to an entity, Chang does not explicitly disclose specifying a periodic alert and sending the periodic alerts to an entity until data is viewed. However, Nichols teaches specifying periodic alerts to occurs until an action is performed (¶0037[Contract tracking tool 102 may also determine a reminder threshold and reminder frequency based on the current date and the contract signature due date. If a particular approver, for example, first approver 121, does not take action for a time period longer than the reminder threshold, contract tracking tool 102 may send electronic reminders to first approver 121 at the determined reminder frequency (e.g., once a day) until an action is taken.]). The system of Nichols is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to tracking content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a periodic alert to access content as taught by Nichols. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to track a contract from a contract administrator (Abstract). Regarding Claim 16, Chang discloses the non-transitory machine-readable medium of claim 13, Chang further discloses wherein the first entity is enabled to specify to be sent to the second entity (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]), wherein the ERP system sends to the second entity the first data is viewed by the second entity or until the second data is added to the ERP system (Fig. 3; ¶¶0025-0026[At operation 364, remote storage management system 350 may generate an access link (e.g., a URL) that can be used by the recipient to access the user's cloud drive and files contained in the cloud drive…The access permissions can be set for the entire cloud drive, or per folder/subfolder or per file in the cloud drive. The access link may also be associated with and/or include any credential (e.g., a token) needed to access the cloud drive such that a recipient without an account with remote storage management system 350 can access the cloud drive] in view of ¶0030[The access tokens can be provided to remote storage management system from each remote storage system in response the user authorizing each remote storage system to grant the remote storage management system access to the user's account.]). Although Chang discloses sending an access link to an entity, Chang does not explicitly disclose specifying a periodic alert and sending the periodic alerts to an entity until data is viewed. However, Nichols teaches specifying periodic alerts to occurs until an action is performed (¶0037[Contract tracking tool 102 may also determine a reminder threshold and reminder frequency based on the current date and the contract signature due date. If a particular approver, for example, first approver 121, does not take action for a time period longer than the reminder threshold, contract tracking tool 102 may send electronic reminders to first approver 121 at the determined reminder frequency (e.g., once a day) until an action is taken.]). The system of Nichols is applicable to the system of Chang as they share characteristics and capabilities, namely, they are both targeted to tracking content online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a periodic alert to access content as taught by Nichols. One of ordinary skill in the art would have been motivated to expand the system of Chang in order to track a contract from a contract administrator (Abstract). Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chang in view of Moskowitz et al. (US 20210019718 A1). Regarding Claim 6, Chang discloses the method of claim 5, Chang further discloses wherein the first entity is a user and the second entity is second user (Abstract[The remote storage management system may allow a user to create sharable cloud drives with combination of files from the unified file system irrespective of which service provider is storing the files. The generated cloud drive can be shared with a recipient to give the recipient access to the user's files.]), wherein the first data (Abstract[The remote storage management system may allow a user to create sharable cloud drives with combination of files from the unified file system irrespective of which service provider is storing the files. The generated cloud drive can be shared with a recipient to give the recipient access to the user's files.]). Although Chang discloses users, Chang does not explicitly disclose wherein the entity is a business organization and the second entity is a customer of the business organization and where in the data is an invoice/purchase order for the customer raised by the business organization. However, Moskowitz et al., hereinafter, Moskowitz, teaches a business organization sending an invoice to customers (¶0113[When the small business wants to send an invoice, it fills out a template (for example, provided by entity 9011), enters the customer information (name, e-mail address and/or phone number), and hits “send.” FIG. 15 shows an exemplary invoicing “top” screen including current checking account balance 3001 (immediately below and not separately numbered, outstanding invoice balance and overdue invoice balance), and recent invoices 3007, 3009.]). The method of Moskowitz is applicable to the method of Chang as they share characteristics and capabilities, namely, they are both targeted to exchange of data among users online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a business and customers as taught by Moskowitz. One of ordinary skill in the art would have been motivated to expand the method of Chang in order to improve the performance of electronic networks implementing bill presentment, bill payment, and/or money transfer, and the like (¶0001). Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chang in view of Miller et al. (US 2004/0254802 A1). Regarding Claim 8, Chang discloses the method of claim 7, Chang further discloses wherein the first entity is a user and the second entity is second user (Abstract[The remote storage management system may allow a user to create sharable cloud drives with combination of files from the unified file system irrespective of which service provider is storing the files. The generated cloud drive can be shared with a recipient to give the recipient access to the user's files.]), wherein the second data (Fig. 5; ¶0001[Such services allow users to view or access uploaded files from different devices, and may allow different users to access and modify the same uploaded file in a collaborative environment.] in view of ¶0040). Although Chang discloses users, Chang does not explicitly disclose wherein the entity is a business organization and the second entity is a customer of the business organization and where in the data is a unique identification number of the customer required by the business organization. However, Miller et al., hereinafter, Miller, teaches a customer of a business entering a unique ID required by that business (¶0051[For example, a customer gives the delivery organisation his mobile telephone number, and this becomes his identifier; the delivery organisation then generates a PIN number, and sends this to the customer. Every time the customer wants to pick up a delivery, he enters his identifier into the security code input means together with its associated PIN number, and the locking means unlocks the enclosure.] in view of ¶0046[The communication means sends this message automatically to the customer whose identifier was input into the lockerbank by the customer or delivery person making the delivery]). The method of Miller is applicable to the method of Chang as they share characteristics and capabilities, namely, they are both targeted to organizing interactions among users online. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the URL link as disclosed by Chang to include a unique customer ID as taught by Miller. One of ordinary skill in the art would have been motivated to expand the method of Chang in order to secure delivery or collection systems (¶0001). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hunter (US 2007/0006294 A1) discloses data flow of a computer and computer network in a secure domain. “A digital envelope approach using attribute-based encryption for secure data exchange in IoT scenarios” discloses secure information exchanges among different entities. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AHOORA LADONI whose email is Ahoora.Ladoni@uspto.gov and telephone number is (703) 756-5617. The examiner can normally be reached M-F 0900–1700 ET. Examiner interviews are available via telephone, in-person and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AHOORA LADONI/Examiner, Art Unit 3689 /VICTORIA E. FRUNZI/Primary Examiner, Art Unit 3689 1/12/2026
Read full office action

Prosecution Timeline

Jun 24, 2024
Application Filed
Jan 10, 2026
Non-Final Rejection — §101, §102, §103 (current)

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
0%
Grant Probability
0%
With Interview (+0.0%)
3y 0m
Median Time to Grant
Low
PTA Risk
Based on 13 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month