Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
Claims 1, 2, 4, and 8 are amended
Claims 3, 5, 7, and 10-16 are cancelled
Claims 17-26 are added new
Claims 1, 2, 4, 6, 8, 9, and 17-26 are pending
Priority
This application is a continuation of United States Patent Application Number 17/633,779, filed on February 8, 2022, which is a US Nationalization application of PCT Application Number PCT/AU2020/050844, filed on August 13, 2020, which claims priority from Australian Patent Application Number 2019902918 filed on August 13, 2019. Therefore, the effective filing date of this application is 08/13/2019.
Drawings
The drawings are objected to because figures 7A-7C, 8A-8C, and 9A-9C contain text which is not legible. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The specification filed on 04/08/2025 is acceptable for examination proceedings.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 03/14/2025. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements have been considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1, 2, 4, 6, 8, 9, and 17-26 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 17, and 18 recite the limitation “defining data access rights of one or more data consumers, the data access rights of one or more data consumers including”. However, the claim already recites “share, with one or more data consumers, a first data record”. Examiner suggests amending this limitation to recite “the” before one or more data consumers to clearly indicate it is the same data consumers the first data record is being shared with. Examiner is interpreting this limitation as “defining data access rights of the one or more data consumers, the data access rights of the one or more data consumers including”. Appropriate correction is required.
Claims 2, 4, 6, 8, 9, and 19-26 depend on claim 1. Therefore, they also inherit the rejection.
Claims 1, 17, and 18 recite the limitation “the corresponding data consumer”. However, the claim originally recites of “a data consumer”. Examiner suggests amending this to just “the data consumer”. Appropriate correction is required.
Claims 2, 4, 6, 8, 9, and 19-26 depend on claim 1. Therefore, they also inherit the rejection.
Claim 1 recites of “generate and transmit a third request” and “the record sharing request comprising”. Examiner suggests amending this limitation to “generate and transmit a record sharing request” similar to how it is amended in other instances. Appropriate correction is required.
Claims 2, 4, 6, 8, 9, and 19-26 depend on claim 1. Therefore, they also inherit the rejection.
Claims 1, 17, and 18 recite the limitation “a call to create a new data record in the system of record having at least a link to the first data record”. However, the claim previously recites “allowing the one or more data consumers to create a record having at least a link to the first data record”. It is unclear if the “a new data record” is the same as “a record”. For the purpose of examination Examiner is interpreting the limitation of “a record” as “allowing the one or more data consumers to create a new record having at least a link to the first data record” and the limitation of “a new data record” as “a call to create the new data record in the system of record having at least the link to the first data record”. Appropriate correction is required.
Claims 2, 4, 6, 8, 9, and 19-26 depend on claim 1. Therefore, they also inherit the rejection.
Claims 1, 2, 17, and 18 do not recite “and” before the last limitation. It is unclear if the last limitation is performed or optional. For the purpose of examination Examiner is interpreting claims 1, 17, and 18 to recite “and when the record sharing request to access the first data record is determined to be valid …” and claim 2 to recite “and each distributed ledger node being a computing system …”. Appropriate correction is required.
Claims 4, 6, 8, 9, and 19-26 depend on claim 1. Therefore, they also inherit the rejection.
Claim 4 recites the limitation " the distributed ledger nodes". There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination Examiner is interpreting this limitation as “the one or more distributed ledger nodes”. Appropriate correction is required.
Claim 8 recites the limitation “the decrypted data access parameters”. However, the claim previously recites “decrypt the received data access key to determine the data access parameters”. It is the data access key that is decrypted not the data access parameters. Examiner suggests amending the limitation to “make the data access parameters accessible to the data consumer device” omitting decrypted. Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1, 2, 4, 6, 8, 9, and 17-26 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 6, and 7 of U.S. Patent No. US 12273448 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the corresponding claims further recite similar/same limitations of the same subject matter.
Current Application 19/080,351
U.S. Patent No. US 12273448 B2
1. (Currently Amended) A system for secure information sharing comprising: one or more processors; and a memory accessible to the one or more processors, the memory comprising executable program code to implement an information sharing engine, the information sharing engine when executed configures the one or more processors to: receive a first request from a data owner device to define a data access key, the first request comprising data access parameters and a data access policy, create a data owner account for a data owner associated with the data owner device, the data owner account comprising a data owner public identifier to publicly identify the data owner and a data owner private identifier, the data owner private identifier not being publicly known; encrypt the data access parameters to generate the data access key based on the data access parameters, wherein the data access parameters enable querying of a system of record to share, with one or more data consumers, a first data record that forms part of the system of record; define a data access control configuration based on the data access policy, the data access control configuration defining data access rights of one or more data consumers, the data access rights of one or more data consumers including allowing the one or more data consumers to create a record having at least a link to the first data record; transmit to a distributed ledger network a request to store the data access key and the data access control configuration on the distributed ledger network; receive a second request to access the first data record from a data consumer device, the second request comprising a data consumer identifier; create a data consumer account for a data consumer associated with the data consumer device, the data consumer account comprising a data consumer public identifier to publicly identify the corresponding data consumer and a data consumer private identifier, the data consumer private identifier not being publicly known; responsive to the second request, generate and transmit a third request to access the first data record to the distributed ledger network, the record sharing request comprising the data consumer identifier; when the record sharing request to access the first data record is determined to be valid based on the data access control configuration, receiving the data access key from the distributed ledger network and making the received data access key accessible to the data consumer device, and receiving from the data consumer device a call to create a new data record in the system of record having at least a link to the first data record.
1. A system for secure information sharing comprising:
one or more processors; and
a memory accessible to the one or more processors,
the memory comprising executable program code to implement an information sharing engine, the information sharing engine when executed configures the one or more processors to:
receive a first request from a data owner device to define a data access key, the first request comprising data access parameters and a data access policy,
create a data owner account for a data owner associated with the data owner device, the data owner account comprising a data owner public identifier to publicly identify the data owner and a data owner private identifier, the data owner private identifier not being publicly known;
encrypt the data access parameters to generate the data access key based on the data access parameters, wherein the data access parameters enable querying of a system of record to extract data records;
define a data access control configuration based on the data access policy, the data access control configuration defining data access rights of one or more data consumers;
transmit to a distributed ledger network a request to store the data access key and the data access control configuration on the distributed ledger network;
receive a second request to access the data records from a data consumer device, the second request comprising a data consumer identifier;
create a data consumer account for a data consumer associated with the data consumer device, the data consumer account comprising a data consumer public identifier to publicly identify the corresponding data consumer and a data consumer private identifier, the data consumer private identifier not being publicly known;
responsive to the second request, generate and transmit a third request to access the data records to the distributed ledger network, the third request comprising the data consumer identifier;
when the third request to access data records is determined to be valid based on the data access control configuration, receiving the data access key from the distributed ledger network and making the received data access key accessible to the data consumer device.
2. (Currently Amended) The system of claim 1, wherein the data access control configuration is accessible to an access control smart contract implemented on the distributed ledger network, wherein the access control smart contract is executable by one or more distributed ledger nodes forming part of the distributed ledger network, each distributed ledger node being a computing system comprising a node processor to execute the access control smart contract and a node memory to store a distributed ledger data structure.
2. The system of claim 1, wherein the data access control configuration is accessible to an access control smart contract implemented on the distributed ledger network, wherein the access control smart contract is executable by one or more distributed ledger nodes forming part of the distributed ledger network,
each distributed ledger node being a computing system comprising a node processor to execute the access control smart contract and a node memory to store a distributed ledger data structure.
4. (Currently Amended) The system of claim 2, wherein the validity of the record sharing request is determined based on an output of the access control smart contract and reaching consensus on the output among the distributed ledger nodes.
3. The system of claim 2, wherein the validity of the third request is determined based on an output of the access control smart contract and reaching consensus on the output among the distributed ledger nodes.
6. (Original) The system of claim 1, wherein the information sharing engine when executed further configures the one or more processors to: receive a fourth request from the data owner device, the fourth request comprising modification instructions to modify the data access policy; responsive to receiving the fourth request, modify the data access control configuration based on the modification instructions; and transmit to the distributed ledger network a request to store the modified data access control configuration on the distributed ledger network.
4. The system of claim 1, wherein the information sharing engine when executed further configures the one or more processors to:
receive a fourth request from the data owner device, the fourth request comprising modification instructions to modify the data access policy;
responsive to receiving the fourth request, modify the data access control configuration based on the modification instructions; and
transmit to the distributed ledger network a request to store the modified data access control configuration on the distributed ledger network.
8. (Currently Amended) The system of claim 1, wherein the information sharing engine when executed further configures the one or more processors to: decrypt the received data access key to determine the data access parameters; and on determining validity of the record sharing request, make the decrypted data access parameters accessible to the data consumer device.
6. The system of claim 1, wherein the information sharing engine when executed further configures the one or more processors to:
decrypt the received data access key to determine the data access parameters; and
on determining validity of the third request, make the decrypted data access parameters accessible to the data consumer device.
9. (Previously Presented) The system of claim 1, wherein the data access parameters enable authentication through any one of: multi-factor authentication, Security Assertion Mark-up Language (SAML) based authentication or biometric authentication.
7. The system of claim 1, wherein the data access parameters enable authentication through any one of: multi-factor authentication, Security Assertion Mark-up Language (SAML) based authentication or biometric authentication.
22. (New) The system of claim 1, wherein the information sharing engine when executed further configures the one or more processors to: receive from the data owner device a revoke access request, identifying a shared data record, and a data consumer whose access to the shared data record is to be revoked.
5. The system of claim 4, wherein the instructions to modify the data access policy comprise instructions to revoke data access of the data consumer device.
26. (New) The system of claim 25, wherein the health record includes data generated from a personal health device comprising one or more from among:- a fitness tracker;- weighing scales;- a thermometer;- a personal fitness device;- a wearable device;- a smartphone;- a tablet;- a home automation device; -a social media profile;- a computer application executing on a computing device; or - a blood pressure monitor.
8. The system of claim 1, wherein the data records in the system of record comprise data generated by any one or more of a personal fitness device, a wearable device, a smartphone, a tablet, a home automation device, a social media profile or a computer application executing on a computing device.
Claims 17 and 18 recite of limitations similar to that of claim 1. Therefore, claims 17 and 18 are rejected in a similar manner as in the rejection of claim 1.
Regarding claim 1, this claim recites of the limitation “and receiving from the data consumer device a call to create a new data record in the system of record having at least a link to the first data record.”. It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to create a new data record having at least a link to the first data record. U.S. Patent No. US 12273448 B2 describes in claim 1 “when the third request to access data records is determined to be valid based on the data access control configuration, receiving the data access key from the distributed ledger network and making the received data access key accessible to the data consumer device.” Data access key being accessible is already a link between the data consumer device and the first data record. The limitation of “create a new data record” simply creates a new data record. The claim does not describe how the new data record is used. Therefore, it is obvious to create new records and associate them with other data records.
Regarding claim 19, this claim recites of wherein the data access key is a publish key. U.S. Patent No. US 12273448 B2 describes in claim 1 “generate the data access key based on the data access parameters, wherein the data access parameters enable querying of a system of record to extract data records”. It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to associate a data access key with a publish key because US 12273448 B2 teaches the data access is based on access parameters used for accessing data records. Furthermore, the claim simply associates the data access key as a publish key. However, the claim does not describe what is the definition of a publish key. Simply calling the data access key by another name does not change its function.
Regarding claim 20, this claim recites of “further comprising an integration management module providing a callable interface that is invokable by the data owner device to create, publish, and allow access to links or pointers to records that form part of the system of record.”. U.S. Patent No. US 12273448 B2 describes in claim 1 “data owner device to define a data access key, the first request comprising data access parameters and a data access policy”. It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to have a callable interface that is invokable by the data owner device because Claim 1 of US 12273448 B2 already states the data owner can create data access policies to create, publish, and allow access to links or pointers to records. The data access policy determines if access is allowed. Furthermore, the invocation by the data owner device is analogous to the first request recited in US 12273448 B2.
Regarding claim 21, this claim recites of features similar to that of claim 20. Similar arguments apply. However, claim 21 is in the perspective of the data consumer. U.S. Patent No. US 12273448 B2 describes in claim 1 “receive a second request to access the data records from a data consumer device, the second request comprising a data consumer identifier”. It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to have a callable interface that is invokable by the data consumer device because Claim 1 of US 12273448 B2 describes a second request that is invoked by the data consumer device.
Regarding claim 23, this claim recites of “wherein the first data record is a document.”. It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to associate the first data record as a document. US 12273448 B2 describes in claim 8 “wherein the data records in the system of record comprise data generated by … a social media profile or a computer application executing on a computing device.”. A document is a well-known form of data of a computer application such as a word document or a text file.
Regarding claim 24, this claim recites of “wherein the document is a document related to personal information or health.” It would have been obvious of one of ordinary skill in the art before the effective filing date of the invention to associate the document with personal information or health because US 12273448 B2 describes in claim 8 “wherein the data records in the system of record comprise data generated by any one or more of a personal fitness device …” Records generated by a personal fitness device are personal information or health information.
Regarding claim 25, this claim recites of “wherein the first data record is a health record.”. This claim recites of features similar to that of claim 24. Therefore, the same rejection applies.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 2, 6, 8, 9, and 17-26 are rejected under 35 U.S.C. 101 because they directed to an abstract idea.
Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites a judicial exception (an abstract idea) that is not integrated into a practical application.
Step 1: Statutory Category
Claim 1 satisfies the statutory category requirement because it is directed to a system comprising memory and processor under 35 U.S.C. 101(a).
Step 2A, Prong 1 – Judicial Exception (Abstract Area)
The claim recites a system for secure information sharing comprising: one or more processors; and a memory accessible to the one or more processors, the memory comprising executable program code to implement an information sharing engine, the information sharing engine when executed configures the one or more processors to: receive a first request from a data owner device to define a data access key, the first request comprising data access parameters and a data access policy, create a data owner account for a data owner associated with the data owner device, the data owner account comprising a data owner public identifier to publicly identify the data owner and a data owner private identifier, the data owner private identifier not being publicly known; encrypt the data access parameters to generate the data access key based on the data access parameters, wherein the data access parameters enable querying of a system of record to share, with one or more data consumers, a first data record that forms part of the system of record; define a data access control configuration based on the data access policy, the data access control configuration defining data access rights of one or more data consumers, the data access rights of one or more data consumers including allowing the one or more data consumers to create a record having at least a link to the first data record; transmit to a distributed ledger network a request to store the data access key and the data access control configuration on the distributed ledger network; receive a second request to access the first data record from a data consumer device, the second request comprising a data consumer identifier; create a data consumer account for a data consumer associated with the data consumer device, the data consumer account comprising a data consumer public identifier to publicly identify the corresponding data consumer and a data consumer private identifier, the data consumer private identifier not being publicly known; responsive to the second request, generate and transmit a third request to access the first data record to the distributed ledger network, the record sharing request comprising the data consumer identifier; when the record sharing request to access the first data record is determined to be valid based on the data access control configuration, receiving the data access key from the distributed ledger network and making the received data access key accessible to the data consumer device, and receiving from the data consumer device a call to create a new data record in the system of record having at least a link to the first data record.
The limitation of A system for secure information sharing comprising: one or more processors; and a memory accessible to the one or more processors, the memory comprising executable program code to implement an information sharing engine, the information sharing engine when executed configures the one or more processors to: receive a first request from a data owner device to define a data access key, the first request comprising data access parameters and a data access policy, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually receive a first request to define a data access key without the need of a processor or memory.
The limitation of create a data owner account for a data owner associated with the data owner device, the data owner account comprising a data owner public identifier to publicly identify the data owner and a data owner private identifier, the data owner private identifier not being publicly known, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually create a data owner account comprising a data owner public identifier and a data owner private identifier.
The limitation of encrypt the data access parameters to generate the data access key based on the data access parameters, wherein the data access parameters enable querying of a system of record to share, with one or more data consumers, a first data record that forms part of the system of record, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually encrypt the data access parameters to generate the data access key based on the data access parameters.
The limitation of define a data access control configuration based on the data access policy, the data access control configuration defining data access rights of one or more data consumers, the data access rights of one or more data consumers including allowing the one or more data consumers to create a record having at least a link to the first data record, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually define a data access control configuration based on the data access policy.
The limitation of transmit to a distributed ledger network a request to store the data access key and the data access control configuration on the distributed ledger network, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually transmit data to distributed ledger network or to any other means to store data.
The limitation of receive a second request to access the first data record from a data consumer device, the second request comprising a data consumer identifier, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually receive a second request to access the first data record.
The limitation of create a data consumer account for a data consumer associated with the data consumer device, the data consumer account comprising a data consumer public identifier to publicly identify the corresponding data consumer and a data consumer private identifier, the data consumer private identifier not being publicly known, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually create a data consumer account comprising a data consumer public identifier and a data consumer private identifier.
The limitation of responsive to the second request, generate and transmit a third request to access the first data record to the distributed ledger network, the record sharing request comprising the data consumer identifier, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually transmit a third record sharing request comprising the data consumer identifier.
The limitation of when the record sharing request to access the first data record is determined to be valid based on the data access control configuration, receiving the data access key from the distributed ledger network and making the received data access key accessible to the data consumer device, and receiving from the data consumer device a call to create a new data record in the system of record having at least a link to the first data record, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually determine if a record sharing request is valid based on the data access control configuration and receive the data access key. Furthermore, a user can manually receive a call to create a new data record having a link to the first data record.
Step 2A, Prong 2 – Integration into a practical Application
This judicial exception is not integrated into a practical application. The claim recites of receiving a first request, creating a data owner account, generating a data access key by encrypting a data access parameters, defining data access control configuration, transmitting to a distributed ledger network, receiving a second request, creating a data consumer account, generating and transmitting a third request to access the first data record, and receiving a data access key if the third record sharing request is valid. However, merely making the received data access key accessible to the data consumer device and creating a new data record having a link to the first data record does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
Step 2B- “Significantly More” (Inventive concept)
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. In particular, the claim only recites one additional element of “one or more processors” recited at a high-level of generality (i.e., as a generic processor implementing the executable program code) such that it amounts no more than mere instructions to apply the exception using a generic processor. Mere instructions to apply an exception using a generic processor cannot provide an inventive concept. The claim is not patent eligible. Furthermore, a distributed ledger network recited at a high-level of generality is just a distributed database storing data.
Claim 2 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the data access control configuration is accessible to an access control smart contract implemented on the distributed ledger network, wherein the access control smart contract is executable by one or more distributed ledger nodes forming part of the distributed ledger network, each distributed ledger node being a computing system comprising a node processor to execute the access control smart contract and a node memory to store a distributed ledger data structure. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually implement a smart contract which has access to the data access control configuration. Furthermore, as seen in Step 2B analysis of claim 1 the recitation of a node processor to execute the access control smart does not overcome the USC 101 abstract rejection. Examiner suggests omitting “one or more distributed ledger nodes” and simply reciting “a plurality of distributed ledger nodes” to overcome the 101 abstract rejection for claim 2. An access control smart contract that is executed by a plurality of distributed ledger nodes cannot be an abstract idea.
Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the information sharing engine when executed further configures the one or more processors to: receive a fourth request from the data owner device, the fourth request comprising modification instructions to modify the data access policy; responsive to receiving the fourth request, modify the data access control configuration based on the modification instructions; and transmit to the distributed ledger network a request to store the modified data access control configuration on the distributed ledger network. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually receive a fourth request from the data owner device, the fourth request comprising modification instructions to modify the data access policy, modify the data access control configuration, and transmit to the distributed ledger network a request to store the modified data access control configuration.
Claim 8 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the information sharing engine when executed further configures the one or more processors to: decrypt the received data access key to determine the data access parameters; and on determining validity of the record sharing
Claim 9 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the data access parameters enable authentication through any one of: multi-factor authentication, Security Assertion Mark-up Language (SAML) based authentication or biometric authentication. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the data access parameters enable authentication through any one of: multi-factor authentication, Security Assertion Mark-up Language (SAML) based authentication or biometric authentication.
Claim 17 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Furthermore, this claim recites of a computer implemented method that implements the system for secure information sharing of claim 1. Therefore, claim 17 is rejected in a similar manner as in the rejection of claim 1.
Claim 18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Furthermore, this claim recites of a non-transitory computer-readable storage medium comprising instructions which, when executed by a computer, cause the computer to carry out a method for secure information sharing as seen in claim 1. Therefore, claim 18 is rejected in a similar manner as in the rejection of claim 1. Furthermore, a computer to carry out a method is similar to the generic processor of claim 1, a similar Step 2B- “Significantly More” applies.
Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the data access key is a publish key. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the data access key is a publish key.
Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of an integration management module providing a callable interface that is invokable by the data owner device to create, publish, and allow access to links or pointers to records that form part of the system of record. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually implement a callable interface that is invokable by the data owner device to create, publish, and allow access to links or pointers to records that form part of the system of record.
Claim 21 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the integration management module provides a callable interface that is invokable by the data consumer device to create, publish, and allow access to links or pointers to records that form part of the system of record. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually implement a callable interface that is invokable by the data consumer device to create, publish, and allow access to links or pointers to records that form part of the system of record.
Claim 22 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the information sharing engine when executed further configures the one or more processors to: receive from the data owner device a revoke access request, identifying a shared data record, and a data consumer whose access to the shared data record is to be revoked. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually receive from the data owner device a revoke access request.
Claim 23 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the first data record is a document. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the first data record is a document.
Claim 24 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the document is a document related to personal information or health. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the document is a document related to personal information or health.
Claim 25 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the first data record is a health record. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the first data record is a health record.
Claim 26 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites of wherein the health record includes data generated from a personal health device comprising one or more from among:- a fitness tracker;- weighing scales;- a thermometer;- a personal fitness device;- a wearable device;- a smartphone;- a tablet;- a home automation device;-a social media profile;- a computer application executing on a computing device; or - a blood pressure monitor. Therefore, the limitations of this claim, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine the health record includes data generated from a personal health device.
The dependent claims 2, 6, 8, 9, and 19-26 are directed to abstract ideas and do not include additional elements that are sufficient to amount to significantly more than the judicial exception. This judicial exception is not integrated into a practical application. Therefore, the claims are not patent eligible.
Allowable Subject Matter
Claims 1, 2, 4, 6, 8, 9, and 17-26 recite allowable subject matter. A reason of allowance will be states in a notice of allowance once all other rejections have been overcome.
Pertinent Art
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
CALLAN (US-20190334700-A1): This prior art teaches of a data management blockchain and protocol for controlling access to data, in which no central trusted authority is required, is presented. The data management blockchain and protocol comprises an initial announcement of public keys by a plurality of blockchain participants, through which each blockchain participant establishes an identity. Subsequently a first of the plurality of blockchain participants publishes data encrypted with a cryptographic key on the blockchain. A second of the plurality of blockchain participants is assigned as an owner of the data by an authority. Access to the data is granted or revoked to further participants by the second of the plurality of blockchain participants through signed permission messages published on the blockchain, and a corresponding hand-over of the cryptographic key by the first of the plurality of blockchain participants, allowing access to the data. Access to further data may be revoked by changing the cryptographic key used.
NENOV (US-10291395-B1): This prior art teaches of systems and methods for use of a distributed ledger system to securely store data. Encrypted data files of one or more computing devices may be distributed to processing nodes of the distributed ledger system. The data may be subsequently retrieved and decrypted by the computing device or another device. Because the distributed ledger system creates a chain of hashes of prior blocks, the data may be immune to modification or corruption, as any changes to blocks storing the encrypted data may be immediately apparent.
HENNEBERT (US-20190294817-A1): This prior art teaches of method/a system for accessing personal data using an access token server, a data server and a blockchain. The access token server generates the access rights of different users in the form of access tokens. The access token server stores an access token by transmitting it via a first transaction, to a first smart contract of the blockchain. A user can request an access authorization by transmitting a second transaction to a second smart contract that can access the token by presenting cryptographic elements to authenticate the user. A granted authorization is recorded by the second contract in the blockchain. A user may access the personal data by transmitting an access request to the data server. This interrogates the second smart contract to verify the authorization and to obtain the access token. The data server next transmits the stored personal data to a URL specified in the token.
PARK (US-20160055347-A1): This prior art teaches of data access control method includes requesting, by the data owner unit, the generation of a data encryption key (DEK) from the manager unit, generating, by the manager unit, the DEK, generating, by the manager unit, the result of the Ciphertext Policy-Attribute Based Encryption (CP-ABE) of the DEK and a secret key used to decrypt the result of the CP-ABE encryption, and then responding, by the manager unit, to the data owner unit, obtaining, by the data owner unit, the DEK by performing the CP-ABE decryption of the result of the CP-ABE encryption using the secret key, encrypting, by the data owner unit, data with the obtained DEK, and uploading, by the data owner unit, the encrypted data and DEK information to the cloud.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.A./
06/11/2026
/AFAQ ALI/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434