DATA MANAGEMENT METHOD AND APPARATUS, SERVER AND STORAGE MEDIUM

§101 §102

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority The present disclosure claims priority of the Chinese patent application No. 202210359812.X, filed with the China Patent Office on Apr. 6, 2022, the entire contents of which are incorporated into the present disclosure by reference. Information Disclosure Statement The information disclosure statement (IDS) submitted on 06/04/2025 and 09/25/2024 were filed before and along with the mailing date of the Non-Provisional Patent Application on 09/25/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. DETAILED ACTION This Office Action is in response to a Non-Provisional Patent Application filed on 09/25/2024. Claim 8 has been cancelled, claims 9-10 have been amended and claims 11-16 have been added as new claims in the preliminary amendments filed 09/25/2024. In the application, claims 1-7, and 9-16 have been received for consideration and have been examined. Specification Applicant’s submitted specification has been reviewed and found to be in compliance. Drawings Applicant’s submitted drawings have been reviewed and found to be in compliance. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-7, 9-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an Abstract Idea without significantly more analyzed according to MPEP 2106. Step 1: The independent claims 1, 9, and 10 fall into one of the four statutory categories of “a method,” “a server”, and “a storage medium containing a computer executable instruction” claims. Nevertheless, the claims still are considered as Abstract Idea (i.e., Mental Process) for the following prongs and reasons. Step 2A: Prong 1: The limitations of the independent claims 1, 9, and 10 recite the abstract idea of: “acquiring a data acquisition request sent from a third-party application; wherein the data acquisition request comprises Token information of a first user and identification information of an access object (Mental process: a human administrator receives data access request from a third-party wherein the data access request comprises token information containing a first user and identification information of an access object); verifying the Token information of the first user, in response to that the Token information passes a verification, according to the identification information of the access object, determining whether the access object has an association relationship with the first user (Mental process: the human administrator verifies the token information and based on successful verification, the human administrator determines whether the access object has an association relationship with the first user); and based on a determining result that the access object has the association relationship with the first user, sending business data of the access object to the third-party application (Mental process: once the human administrator verifies/determines the association relationship between the access object and the first user, the human administrator sends business data to the third-party)”. The claim generically recites the concept of Mental process where a human administrator observes and determine a request from a third-party regarding data access for a user. The request contains a token comprising user information and identification information of an access object. Based on verification of the token information, the human administrator sends business related data of the access object to the third-party. The above limitations are steps which clearly fall into the Mental Process - concepts performed in the human mind (including an observation, evaluation, judgment, opinion) bucket which under its broadest reasonable interpretation, covers performance of the limitations in the human mind and / or with pen and paper. As mentioned above, the steps of claim can be performed by a human administrator observes and determine a request from a third-party regarding data access for a user. The request contains a token comprising user information and identification information of an access object. Based on verification of the token information, the human administrator sends business related data of the access object to the third-party. Step 2A: Prong 2: The judicial exception (i.e., a method, a server, a storage medium) are not integrated into a practical application. In particular, the claims do not recite any additional element to perform beyond routine steps. To show that the involvement of a computer assists in improving the technology, the claims must recite the details regarding how a computer aids the method, the extent to which the computer aids the method, or the significance of a computer to the performance of the method. Merely adding generic computer components to perform the method is not sufficient. Thus, the claim must include more than mere instructions to perform the method on a generic component or machinery to qualify as an improvement to an existing technology (MPEP 2106.5(a) II). In this particular case, the additional elements of the claims are: “a server comprising a memory, a processing apparatus, and a computer program stored in the memory”, and “a storage medium”. Recitation of these additional elements do not improve the functioning of the computer or to any other technology or technical field. The additional elements are recited at a high-level of generality (i.e., as generic terms performing generic computer functions (Instant spec. [0018] * [0109] discloses that generic processor and memory is used to execute the steps of the invention) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore, the claims are directed to an abstract idea. Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the claims do not reflect improvement in the technology. The recitation of additional items in the claim fails to recite a practical application that goes beyond the abstract concept itself. To be patentable, the claims must be more than just the abstract idea of using machine learning for visual analysis. Instead, they need to be anchored to concrete improvements, specific hardware, novel data structures, unique data processing, or measurable gains in computational performance. Therefore, the underlying steps of business activity is viewed as an abstract idea, similar to a mental process. Further, mere automated instructions to apply an exception using a generic computer component cannot provide an inventive concept. Thus, the claims are not patent eligible. As discussed above with respect to integration of the abstract idea into a practical application, the above identified additional elements amount to no more than mere instructions to apply the exception using general purpose computer. To support this factual conclusion, the examiner takes Official Notice that one of the ordinary skills in the art, before the effective filing date of the claimed invention, would have found processors and/or software well-known and routine in technology that involves computers (PgPub instant spec. [0018] & [0109]) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Thus, the examiner asserts that the above noted elements, when considered individually or in combination, do not constitute as “significantly more” than the abstract idea. Dependent claims 2-7, and 11-16 recite “a server comprising a memory, a processing apparatus, and a computer program stored in the memory”, and “a storage medium” claims and hence falls into one of the statutory categories and therefore passes step 1 analysis. However, under step 2, 2A & 2B analysis, the claim fails to recite any limitations that create a difference in the 101 analyses as indicated for claims 1, 9, and 10 because dependent claims merely recite steps which fall under a mental process where human users can perform the steps of these dependent claims and thus dependent claims are ineligible as well. Overall analysis of the claims 1-7, and 9-16 demonstrates that limitations are directed to a mental process performable by a human being in their head using a pen and paper in a methodical and orderly manner. Therefore, the claims recite an abstract idea. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-7, and 9-16 are rejected under 35 U.S.C. 102(a)(1) & (a)(2) as being anticipated by Dunjic et al., (US20200382510A1). Regarding claim 1, Dunjic discloses: A data management method, comprising: acquiring [i.e., receiving by custodian system from third-party system] a data acquisition request sent from a third-party (i.e., a third-party system send request to custodian system) application, wherein the data acquisition request comprises Token information of a first user and identification information of an access object ([0015] the corresponding custodian system may establish a direct communications channel with the client device, and may transmit a notification to the client device that, when presented within a digital interface, identifies the access requested by the third-party system; [0144] Referring to FIG. 4, custodian system 130 may receive data requesting one or more elements of confidential data maintained within a local data repository or within an accessible could-based data repository (e.g., in step 402). In some instances, the received data may be generated by executed third-party application engine 112, and the received data may include one or more identifiers of the requested data (e.g., the requested account balance of the credit card account issued to user 101)); verifying the Token information of the first user, in response to that the Token information passes a verification, according to the identification information of the access object, determining whether the access object has an association relationship with the first user ([0145] In some instances, custodian system 130 may perform operations that validate the received OAuth token against a locally maintained copy of the OAuth token generated during any of the exemplary token-based authentication and consent protocols described herein (e.g., in step 404); [0146] Alternatively, if custodian system 130 were to establish a consistency between the received OAuth token and the locally maintained OAuth token (e.g., step 404; YES), custodian system 130 may perform additional operations that determine whether executed third-party application engine 112 should be trusted to manage the requested elements of confidential data in accordance with the user-specified consent (e.g., based on the received OAuth token) and/or terms and conditions imposed by custodian system 130); and based on a determining result that the access object has the association relationship with the first user, sending business data of the access object to the third-party application ([0148] Alternatively, if custodian system 130 were to determine that the recorded elements of permissioning data fail to specify any restrictions or limitations, or that none of the restrictions or limitations are applicable to the received request, the requested elements of confidential data, or executed third-party application engine 112 (e.g., step 412; NO), custodian system 130 may perform any of the exemplary processes described herein to access and extract the requested elements of confidential data from one or more locally accessible or cloud-based data repositories (e.g., in step 414); [0149] Custodian system 130 may perform any of the exemplary processes described herein to transmit the encrypted elements of confidential data (and in some instances, the applied digital signature and a public key certificate of custodian system 130) across network 120 to third-party system 110, e.g., via a secure, programmatic interface of executed third-party application engine 112 (e.g., in step 418)). Regarding claim 9, it is a server claim and recites similar subject matter as claim 1 and therefore rejected under similar ground of rejection. Regarding claim 10, it is a storage medium claim and recites similar subject matter as claim 1 and therefore rejected under similar ground of rejection. Regarding claim 2, Dunjic discloses: The method according to claim 1, after acquiring the data acquisition request sent from the third-party application, further comprising at least one of the following: acquiring a sending region of the data acquisition request, and determining whether the sending region is a designated region; based on a determining result that the sending region is not the designated region, not responding to the data acquisition request; acquiring a belonging region of the access object, and determining whether the belonging region of the access object is the designated region; based on a determining result that the belonging region of the access object is not the designated region, not responding to the data acquisition request; acquiring an IP address of the data acquisition request, and determining whether the IP address is located in an address whitelist; and based on a result that the IP address is not located in the address whitelist, not responding to the data acquisition request ([0052] & [0101]). Regarding claim 11, it is a server claim and recites similar subject matter as claim 2 and therefore rejected under similar ground of rejection. Regarding claim 3, Dunjic discloses: The method according to claim 1, wherein in response to determining that the access object has the association relationship with the first user, sending business data of the access object to the third-party application, comprises: in response to determining that the access object has the association relationship with the first user, acquiring a business association region of the access object and a data acquisition region of the third-party application, and determining whether the business association region of the access object is consistent with the data acquisition region of the third-party application; and based on a determining result that the business association region of the access object is consistent with the data acquisition region of the third-party application, sending the business data of the access object to the third-party application ([0052] & [0101]). Regarding claim 12, it is a server claim and recites similar subject matter as claim 3 and therefore rejected under similar ground of rejection. Regarding claim 4, Dunjic discloses: The method according to claim 1, wherein the according to the identification information of the access object, determining whether the access object has an association relationship with the first user, comprises: according to the identification information of the access object, determining whether a target object exists in the access object that has an authorization binding relationship with the third-party application; and in response to determining that the access object has the association relationship with the first user, sending business data of the access object to the third-party application, comprises: in response to that the target object that has the authorization binding relationship with the third-party application exists in the access object, sending the business data of the target object to the third-party application ([0069-0070] & [0145-0146]). Regarding claim 13, it is a server claim and recites similar subject matter as claim 4 and therefore rejected under similar ground of rejection. Regarding claim 5, Dunjic discloses: The method according to claim 1, wherein before the according to the identification information of the access object, determining whether the access object has an association relationship with the first user, further comprises: determining whether the identification information of the access object is a null value; based on a determining result that the identification information of the access object is the null value, sending business data of all objects that have authorization binding relationships with the third-party application in objects having the association relationships with the first user to the third-party application; and the according to the identification information of the access object, determining whether the access object has an association relationship with the first user, comprises: based on a determining result that the identification information of the access object is not the null value, according to the identification information of the access object, determining whether the access object has the association relationship with the first user ([0069-0070] & [0145-0146]). Regarding claim 14, it is a server claim and recites similar subject matter as claim 5 and therefore rejected under similar ground of rejection. Regarding claim 6, Dunjic discloses: The method according to claim 1, further comprising: acquiring an authorization request sent by the first user; wherein the authorization request comprises the Token information of the first user and identification information of the third-party application to be authorized; verifying the Token information, as to verify whether the Token information is valid; in response to that the Token information is invalid, displaying an authorization login interface to the first user, as to guide the first user to update the Token information; in response to that the Token information is valid, displaying an authorization information interface to the first user; in response to acquiring an authorization instruction sent by the first user through the authorization information interface, acquiring the number of objects having the association relationships with the first user; and in response to determining that one object having the association relationship with the first user, authorization-binding the object having the association relationship with the first user and the Token information of the first user to the third-party application to be authorized ([0122-0123]). Regarding claim 15, it is a server claim and recites similar subject matter as claim 6 and therefore rejected under similar ground of rejection. Regarding claim 7, Dunjic discloses: The method according to claim 6, wherein after the acquiring the number of objects having the association relationships with the first user, further comprises: in response to that a plurality of the objects having the association relationships with the first user, displaying an object operation interface to the first user; and in response to acquiring binding information of at least one candidate object by the object operation interface, authorization-binding the at least one candidate object and the Token information of the first user to the third-party application ([0015]). Regarding claim 16, it is a server claim and recites similar subject matter as claim 7 and therefore rejected under similar ground of rejection. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at 571-270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SYED M AHSAN/Primary Examiner, Art Unit 2491