Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the claims filed 9/25/2024. Claims 1-11, 13, and 15-22 are pending. Claims 1 (a method), 10 (a method), and 11 (a method) are independent.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-11, 13, and 15-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a mental process of judging the acceptability of a person to be provided access. For example, a safe deposit box, powers of attorney, access to personal health records or medical decisions, or any other instance in human society where access is controlled. This judicial exception is not integrated into a practical application because the claims (1-11 and 15-22) merely set forth a plurality of information accesses or checks which are performable by a human with pen and paper. Furthermore, the instruction to perform the access permission determination by a generic computing device, i.e. claims 13, is merely an instruction to apply it and does not make the abstract idea eligible under § 101, see MPEP 2106.04(d).I. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claims (1-11 and 15-22) merely set forth a plurality of information accesses or checks which are performable by a human with pen and paper. Furthermore, the instruction to perform the access permission determination by a generic computing device, i.e. claims 13, is merely an instruction to apply it and does not make the abstract idea eligible under § 101, see MPEP 2106.05(f)(1).
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1, 2, 9, 10, 13, 15, and 22 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Liu, CN 202110512949 - citations are to the machine translated copy provided herewith - (published 2021).
As to claim 1, Liu discloses a method comprising:
receiving a processing request for target data sent by a requesting party having an access permission; (“step S114, receiving the authentication request sent by the target object to be operated or the third terminal device where the target object is located; wherein the authentication request comprises the operation authority information to be verified and the authorization credential to be verified obtained from the second user;” Liu p. 7, ¶ 2. “the second terminal device of the second user in response to the first operation request of the target object to be operated by the second user, …. sending the second operation request to the target object or the third terminal device where the target object is located.” Liu p. 7, ¶ 3. The requesting second user’s request being redirected from the third terminal.)
obtaining a first identifier of a first user to which the target data belongs and a second identifier of the requesting party; (“receiving a second operation request based on the established connection; determining the first identity information of the first user and the object information of the target object, the first identity information, object information, the second identity information and operation type information of the second operation request is determined as the operation authority information to be verified;” Liu p. 7, ¶ 3)
searching for a data processing rule pre-agreed upon by the first user and the requesting party (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, and when the authorization operation, editing the authorization credential type information.” P. 6, ¶ 2) according to the first identifier and the second identifier; and (“step S116, verifying the operation authority information and the authorization credential according to the authorization record information;” Liu p. 7, ¶ 5. The identifiers being provided in ¶ 3)
in a case that a processing operation specified by the processing request complies with the data processing rule, processing the target data according to the data processing rule to feedback corresponding response information to the requesting party. (“step S118, sending the verification result information to the target object or the third terminal device, the verification result information is used for the target object or the third terminal device determines whether to allow the second user to operate the target object operation type information corresponding to the operation.” Liu p. 7, ¶ 6)
As to claim 13, Liu discloses a method of claim 1 and further discloses:
An electronic device, comprising:
a memory and a processor; wherein the memory, configured to store a program;
the processor, coupled to the memory and configured to execute the program stored in the memory to implement the method according to claim 1.
(“One or more embodiments of the specification provide a processing device for an authorized service. The device comprises a processor. The apparatus also includes a memory arranged to store computer executable instructions. The computer-executable instructions, when executed, cause the processor to receive an authorization processing request sent by a first terminal device of a first user.” Liu p. 2, last ¶. Also p. 17, ¶ 2)
As to claims 2 and 15, Liu discloses a method/machine of claims 1 and 13 and further discloses:
wherein the obtaining the first identifier of the first user to which the target data belongs comprises:
querying an identity identifier of the first user in a database that stores the target data according to the processing request; and (“wherein, according to the target authorization record information to the operation authority information and authorization credential to verify processing may include: obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule, the operation type information corresponding to the operation authority, the first identity information of the first user and the second identity information of the second user;” Liu p. 9, ¶¶ 2-3)
searching for the first identifier of the first user based on the identity identifier.
(“verifying whether the first identity information in the operation authority information matches with the obtained first identity information;” Liu p. 9, ¶ 8).
As to claim 10, Liu discloses a method comprising:
sending a request for an agreement on a data processing rule to a data management system; (“step S102, receiving the authorization processing request sent by the first terminal device of the first user;” Liu p. 5, last ¶. “step S104, if it is determined that the authorization information meets the preset authorization condition, then generating authorization credential according to the authorization information;” Liu p. 5, ¶ 3)
wherein the request for the agreement is associated with a restriction for a data processing behavior of a requesting party; (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, and when the authorization operation, editing the authorization credential type information.” Liu p. 6, ¶ 2)
in a case that a first user responds to the request for the agreement (“the first user can specify the type of the authorization credential according to the requirement of the second user, so as to generate the authorization credential convenient for the second user to use, so as to facilitate the second user to operate the target object based on the authorization credential” Liu p. 6, ¶ 3) and completes a signing on the data processing rule, (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, …. the authorization information may further include a first digital identity information of the first user, the second digital identity information of the second user; generating an authorization credential may include: obtaining the first signature data obtained by signature processing the first specified data by the first private key corresponding to the first digital identity information,” Liu p. 6, ¶ 2) generating a behavior control list containing the data processing rule, (“grant the operation authority for operating the object in accordance with the target rule;…. wherein the object can be a table, document, device, application and so on; operation type information such as reading operation, writing operation, copying operation, control operation and so on; identity information such as name, identity document number and so on.” Liu p. 5, ¶¶ 1-2) and storing the behavior control list in the data management system; and (“step S112, storing the authorization record information in the appointed storage area.” Liu p. 6, ¶ 8. Although termed a keystore, it is solely storing non-key data, thus any storage is reasonably interpreted as a key-store.)
performing a data processing operation on target data based on the behavior control list. (“verifying and processing the operation authority information and the authorization certificate according to the authorization record information; sending the verification result information to the target object or the third terminal device, the verification result information is used for the target object or the third terminal device to determine whether to allow the second user to perform the operation corresponding to the operation type information to the target object.” Liu p. 19, ¶¶ 3-4).
As to claims 9 and 22, Liu discloses a method/machine of claims 1 and 13 and further discloses:
wherein the receiving the processing request for the target data sent by the requesting party having the access permission comprises:
receiving an access request from the requesting party; (“after the authorization is successful, the second terminal device can respond to the first operation request of the target object to be operated by the second user, sending the second operation request to the target object or the third terminal device of the target object” Liu p. 7, ¶ 1)
determining whether the requesting party has the access permission (“verifying whether the second identity information in the operation authority information matches with the obtained second identity information;” Liu p. 9, ¶ 9) based on the second identifier carried in the access request; and (“step S114, receiving the authentication request sent by the target object to be operated or the third terminal device where the target object is located; wherein the authentication request comprises the operation authority information to be verified and the authorization credential to be verified obtained from the second user;” Liu p. 7, ¶ 2. “the second identity information can be pre-set in the second terminal device, correspondingly, the second terminal device obtains the preset second identity information; Alternatively, the second identity information can be edited by the second user operation second terminal device” Liu p. 7, ¶ 3)
in a case that the requesting party has the access permission, receiving the processing request for the target data sent by the requesting party. (“the target object or the third terminal device; according to the verification result information, determining whether to allow the second user to perform the operation corresponding to the operation type information to the target object.” Liu p. 15, ¶ 4)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 3-8 and 16-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu, CN 202110512949 (published 2021).
As to claims 3 and 16, Liu discloses a method/machine of claims 2 and 15 and further discloses:
wherein the searching for the data processing rule pre-agreed upon by the first user and the requesting party according to the first identifier and the second identifier comprises: (“wherein, according to the target authorization record information to the operation authority information and authorization credential to verify processing may include: obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule, the operation type information corresponding to the operation authority, the first identity information of the first user and the second identity information of the second user;” Liu p. 9, ¶¶ 2-3)
determining whether the requesting party is a requesting party authorized by the first user based on the first identifier of the first user to which the target data belongs; and (“verifying whether the second identity information in the operation authority information matches with the obtained second identity information;” Liu p. 9, ¶ 9)
in a case that the requesting party is authorized by the first user, searching for a data processing rule preset for the requesting party that is pre-agreed upon by the first user and the requesting party. (“obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule,” Liu p. 9, ¶ 3. “FIGS. 4 to 6 are only used to illustrate and not be limited, and the order of some operations can be adjusted according to the needs in practical applications, and some operations may also be implemented in other ways” Liu p. 13, ¶ 3)
While Liu implies the identity is checked prior to searching the rule, Liu further discloses that the operations may be reordered. Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to order the rule determination after the identity checking of Liu p. 9, as such reordering is explicitly contemplated on page 13.
As to claims 4 and 17, Liu as modified above in claims 3 and 16 discloses a method/machine of claims 3 and 16 and further discloses:
Before (“after the authorization is successful, the second terminal device can respond to the first operation request of the target object to be operated by the second user, sending the second operation request to the target object or the third terminal device of the target object” Liu p. 7, ¶ 1. This statement precedes the citations in claim 1. The citations below occur before this statement.) the receiving the processing request for the target data sent by the requesting party having the access permission, further comprises:
receiving a request for an agreement on the data processing rule initiated by the requesting party or the first user; and (“step S102, receiving the authorization processing request sent by the first terminal device of the first user;” Liu p. 5, last ¶. “step S104, if it is determined that the authorization information meets the preset authorization condition, then generating authorization credential according to the authorization information;” Liu p. 5, ¶ 3)
in a case that the requesting party and the first user complete a signing of the agreement on the data processing rule, (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, …. the authorization information may further include a first digital identity information of the first user, the second digital identity information of the second user; generating an authorization credential may include: obtaining the first signature data obtained by signature processing the first specified data by the first private key corresponding to the first digital identity information,” Liu p. 6, ¶ 2)
generating a behavior control list containing the data processing rule, (“grant the operation authority for operating the object in accordance with the target rule;…. wherein the object can be a table, document, device, application and so on; operation type information such as reading operation, writing operation, copying operation, control operation and so on; identity information such as name, identity document number and so on.” Liu p. 5, ¶¶ 1-2) and storing the behavior control list in a keystore. (“step S112, storing the authorization record information in the appointed storage area.” Liu p. 6, ¶ 8. Although termed a keystore, it is solely storing non-key data, thus any storage is reasonably interpreted as a key-store.)
As to claims 5 and 18, Liu as modified above in claims 3 and 16 discloses a method/machine of claims 4 and 17 and further discloses:
wherein the determining whether the requesting party is the requesting party authorized by the first user comprises:
searching for a second identifier of a requesting party bound to the identity identifier of the first user based on the behavior control list stored in the keystore; and (“obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule, the operation type information corresponding to the operation authority, the first identity information of the first user and the second identity information of the second user;” Liu p. 9, ¶ 3)
if in a case that the requesting party that sends the processing request matches the second identifier of the requesting party bound to the identity identifier of the first user, (“verifying whether the second identity information in the operation authority information matches with the obtained second identity information;” Liu p. 9, ¶ 9) determining that the requesting party is authorized. (“if the authenticity verification of the authorization credential is passed, … and the second identity information matching, determining the operation authority information and authorization credential verification.” Liu p. 9, ¶ 10).
As to claims 6 and 19, Liu as modified above in claims 3 and 16 discloses a method/machine of claims 5 and 18 and further discloses:
wherein the searching for the data processing rule preset for the requesting party that is pre-agreed upon by the first user and the requesting party comprises:
querying a data processing rule bound to the second identifier in the behavior control list based on the second identifier of the requesting party; and (“obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule, the operation type information corresponding to the operation authority, the first identity information of the first user and the second identity information of the second user;” Liu p. 9, ¶ 3)
taking the data processing rule bound to the second identifier as the data processing rule preset by the requesting party. (“according to the object information of the target object in the operation authority information, verifying whether the target object meets the obtained target rule; verifying whether the operation type information in the operation authority information is matched with the obtained operation type information;” Liu p. 9, ¶¶ 6-7)
As to claims 7 and 20, Liu as modified above in claims 3 and 16 discloses a method/machine of claims 5 and 18 and further discloses:
wherein the generating the behavior control list containing the data processing rule comprises: performing at least one of the following operations:
generating the data processing rule based on a data processing manner restricted by the first user for the requesting party; (“when the first user needs to perform authorization operation, operating the authorization related application in the first terminal device, determining whether there is target rule in each preset rule of the authorization related application display, if so, selecting the target rule from the rule displayed by the authorization related application, if not, then automatically editing the target rule in the authorization application; and editing the granted operation authority corresponding to the operation type information, the first identity information of the first user, the second identity information of the second user, the valid period information of the authorization credential to be generated, and submitting the edited each information.” Liu p. 5, ¶ 2)
generating the data processing rule based on a computing type restricted by the first user for the requesting party; and, (“operation type information” Liu p. 5, ¶ 2)
generating the behavior control list according to an established binding relationship of the data processing rule with the first user and the requesting party. (“the first identity information of the first user, the second identity information of the second user, the valid period information of the authorization credential to be generated, and submitting the edited each information.” Liu p. 5, ¶ 2).
As to claims 8 and 21, Liu as modified above in claims 3 and 16 discloses a method of claims 5 and 18 and further discloses:
wherein the searching for the second identifier of the requesting party bound to the identity identifier of the first user based on the behavior control list stored in the keystore comprises:
searching for the first identifier corresponding to the target data based on the behavior control list stored in the keystore; and (“obtaining the authentication related information of the authorization credential from the target authorization record information, the valid period information, the target rule, the operation type information corresponding to the operation authority, the first identity information of the first user and the second identity information of the second user;” Liu p. 9, ¶ 3)
searching for the second identifier of the bound requesting party and at least one database authorized to the requesting party according to the first identifier. (“the second identity information of the second user” Liu p. 9, ¶ 3)
Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu, CN 202110512949 (published 2021), in view of Lindsley et al., US 2016/0026983 (filed 2014).
As to claim 11, Liu discloses a method comprising:
sending a request for an agreement on a data processing rule to a data management system; (“step S102, receiving the authorization processing request sent by the first terminal device of the first user;” Liu p. 5, last ¶. “step S104, if it is determined that the authorization information meets the preset authorization condition, then generating authorization credential according to the authorization information;” Liu p. 5, ¶ 3)
wherein the request for the agreement is associated with a restriction for a data processing behavior of a requesting party; and (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, and when the authorization operation, editing the authorization credential type information.” Liu p. 6, ¶ 2)
…
responds to the request for the agreement and completes a signing on the data processing rule, (“the first user can pre-negotiate with the second user the second user is convenient for the type of the authorization credential, …. the authorization information may further include a first digital identity information of the first user, the second digital identity information of the second user; generating an authorization credential may include: obtaining the first signature data obtained by signature processing the first specified data by the first private key corresponding to the first digital identity information,” Liu p. 6, ¶ 2) generating a behavior control list containing the data processing rule to enable the requesting party to initiate a processing request for target data based on the behavior control list. (“grant the operation authority for operating the object in accordance with the target rule;…. wherein the object can be a table, document, device, application and so on; operation type information such as reading operation, writing operation, copying operation, control operation and so on; identity information such as name, identity document number and so on.” Liu p. 5, ¶¶ 1-2)
Liu does not explicitly disclose:
in a case that the requesting party
Lindsay discloses:
in a case that the requesting party
(Note the data request in Lindsay ¶ 109. “The bid request could indicate data provider 32's willingness to accept the specified contract terms if the bid request is accepted.” Lindsay ¶ 113. “At 414, primary data consumer 42A can purchase access rights based on the data offering or bid request from data provider 32. At 415, data brokerage system 70 can record the purchase and indicate whether the purchase resulted from a data offering or successful bid.” Lindsay ¶ 115).
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Liu with Lindsay by allowing the secondary user to request and agree to the terms of the authorization information of Liu. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Liu with Lindsay in order to allow the data requester (second user of Liu) to acknowledge the sharing agreement or terms, thereby allowing sales of data to data consumers, Lindsay ¶¶ 2 and 11.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Chen, US 2014/0359085, discloses access permissions for shared content.
Maycotte et al., US 2018/0034824, discloses managing data rights and selective data sharing.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL W CHAO/ Primary Examiner, Art Unit 2492