DETAILED ACTION
1. 	Applicant's election without traverse of Group I, claims 1-6 in the reply filed on 11/23/2020 is acknowledged. Claims 7-14 are withdrawn. Thus claims 1-6 are pending and considered for examination. Claim 1 is independent.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
3.	The following claimed benefit is acknowledged: the instant application, filed on 10/10/2018 claims foreign priority to 102017218547.3, filed 10/18/2017. The certified copy of this foreign priority has been received. 

Information Disclosure Statement
4.	No information disclosure statements (IDS), has been submitted. 
Drawings
5.	The drawings filed on October 10, 2018 are accepted. 
Specification
6.	The disclosure filed on October 10, 2018 is objected to because of the following informalities: 
The specification is objected to under 37 C.F.R. 1.74, which requires the detailed description to refer to the different parts of the figures by use of reference letters or 
a. On page 12, lines 4-11 and on the corresponding applicant’s own published specification on paragraph 0064 the following has been recited referring to figure 3 that should have been referred to figure 4. 
“FIG. 3 shows one specific embodiment of the method according to the present invention for checking the plausibility of privacy statements DA. At the start, as illustrated in FIG. 1, provider 2 provides 100 the information, data, and/or services as offering 4 on electronic marketplace 1. In addition, provider 2 provides 101 privacy statements DA, which are to be checked for plausibility….
The above underlined figure 3 should be corrected as Fig. 4
Appropriate correction is required.

Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, and/or examiner’s clarification. Meaning, text after a limitation in brackets [ ] corresponds to examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore text in brackets [ ] points out explanation how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation]

10.	Claims 1-6 are rejected under 35 U.S.C. 103 as being unpatentable over Gail-Joon Ahn (herein after referred as Ahn) (US Pub. No. US 2009/0300716 A1) in view of Michael Backers (herein after referred as Backers) (US Pub. No. 2006/0184995 A1)

11.	As per independent claim 1, Ahn discloses a server application for access by a user to information, data, and/or services that are provided by at least one provider as an offering in the server application [See paragraph 0053 and see figure1, ref. 8/host/server….”a user attempts to access or request a web service or resource. In order to authenticate the user, and as a condition to deciding whether to authorize the access, the relying party 30 responds with a security policy describing the identity requirements needed to facilitate this online interaction or transaction. This response is typically a request for a security token that contains certain specified claim assertions necessary for the authentication process. The security policy is received at the user's host machine 8, and this event invokes the identity selector 22 to handle the processing of the security token and to formulate a response (i.e., directing the issuance of an appropriate security token], the server application configured to: check [See paragraph 0057, Referring still to FIG. 1, and specifically to user agent 10, the privacy enforcement engine 12 includes any facility or agent-based application that processes the privacy policy 32 received from relying party 30, and conducts the evaluation of user preferences (ruleset 18) against the privacy policy 32. Any means known to those skilled in the art can be used to implement engine 12. In a conventional manner, engine 12 fetches the privacy policy 32 sent from relying party 30, and evaluates it according to the user's ruleset 18 (i.e., the statements expressing the user's privacy control preferences). Engine 12 directs rule evaluator 14 to evaluate or compare the ruleset 18 against the evidence presented to it, i.e., the relying party's privacy policy 32. Engine 12 governs and otherwise manages the operation of rule evaluator 14, which can be provided in any conventional form. See also paragraph 0063, Rules express the users preferences that are then compared to a service's privacy policy, such as a P3P policy. See also figure 2 and paragraph 0070, The matrix, in particular, reflects how the preferences for each privacy level apply to each attribute. Preference editor 16 allows the user to author The privacy protection scheme indicated by the matrix, namely, the ruleset that implements such privacy preferences as applied to specified information (attributes). See also figure 20. Examiner Note: user’s privacy control preferences meets the limitation of “a data protection-relevant metainformation of the offering”]
Even though Ahn broadly discloses checking of privacy statements for compliance it doesn’t explicitly discloses the following underlined claim limitation. Namely checking the plausibility of privacy statements based a comparison of privacy statements.
However Backers on paragraphs 0078 discloses the following that meets checking the plausibility of privacy statements based on a comparison of privacy statements…”
“Privacy Statements: The action privacy-relevant behavior of an enterprise can serve as basis for a privacy statement made to the consumers. The method according to the invention provides this in two ways: A) Generate privacy statement: By removing the enterprise internals, the derived privacy policy can be simplified into a privacy statement that can be published. B) Verify privacy statement: After deriving a privacy policy from the business process, this privacy policy can be compared to the privacy statement an enterprise wants to publish.”

Ahn and Backers are in the same field of endeavor directed to privacy policy or privacy statements and protecting the user’s private information. 

It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Ahn, a mechanism to use the feature such as “checking the plausibility of privacy statements based on a comparison of privacy statements” as taught by Backers because this would enhance [See at least Backers at least paragraph 0005]

12.	As per claim 2, the combination of Ahn and Backers discloses a method/system as applied to claim 1 above. Furthermore Backers discloses the method/system wherein the server application is an electronic marketplace. [See figure 1, electronic Bookshop that meets electronic marketplace where book can be order electronically and paragraph see 0055, FIG. 1 shows the complete work flow of ordering a book. It is divided into four parts: customer, shipping agent, bookshop, and credit card agency. These four parts specify a locus of activities, which also correspond to different organizational units (legal entities) that have to follow their own privacy regulations. In the example, the focus is set on the bookshop, which makes a privacy promise to its customers and privacy statements to its business partners, which are in the present example the credit card agency and shipping agent]

13.	As per claim 3, the combination of Ahn and Backers discloses a method/system as applied to claim 1 above. Furthermore Ahn discloses the method/system wherein annotations which include the metainformation are stored in the server application as part of the offering [See figure 1, ref. 18 where user’s privacy control preferences ruleset is stored in the host/server meets the limitation of annotation that includes “a data protection-relevant metainformation of the offering” see paragraph 0041, The system, according to the invention, includes a user agent 10 having a privacy enforcement engine 12, a rule evaluator 14, a privacy language preference editor 16, and a privacy preference ruleset 18. The system further includes an identity manager 20 having an identity selector 22 and an information card storage 24. In one exemplary form, the combination of user agent 10 and identity manager 20 is resident on a common host machine or computing platform 8.]

14.	As per claim 4, the combination of Ahn and Backers discloses a method/system as applied to claim 1 above. Furthermore Ahn discloses the method/system wherein the annotations which include the metainformation are retrievable on the service provided in the server application. [See paragraph 0057, See figure 1, ref. 18 where user’s privacy control preferences ruleset that is stored in the host/server meets the limitation of “a data protection-relevant metainformation of the offering” is retrievable to be compared the privacy policy 32. “Referring still to FIG. 1, and specifically to user agent 10, the privacy enforcement engine 12 includes any facility or agent-based application that processes the privacy policy 32 received from relying party 30, and conducts the evaluation of user preferences (ruleset 18) against the privacy policy 32. Any means known to those skilled in the art can be used to implement engine 12. In a conventional manner, engine 12 fetches the privacy policy 32 sent from relying party 30, and evaluates it according to the user's ruleset 18 (i.e., the statements expressing the user's privacy control preferences). Engine 12 directs rule evaluator 14 to evaluate or compare the ruleset 18 against the evidence presented to it, i.e., the relying party's privacy policy 32. Engine 12 governs and otherwise manages the operation of rule evaluator 14, which can be provided in any conventional form.”]

15.	As per claim 5, the combination of Ahn and Backers discloses a method/system as applied to claim 1 above. Furthermore Ahn discloses the method/system wherein the annotations which include the metainformation are transmittable together with data that are transferred, with the aid of the server application [See figure 2 and paragraph 0071, The FIG. 2 listing implements a ruleset applying the strict privacy control to the attributes of credit card, first name, and address. According to one exemplary rule indicated in the listing, when there is a policy mismatch (i.e., the result of the evaluation performed by rule evaluator 14), the rule triggers the noted behavior, namely, a prompt to the user that queries: "There was a request for your [first name] [Credit Card No] [Address] with a policy mismatch. Do you want to give away data?" The occurrence of this query indicates that the applicable rule was evaluated against the privacy policy, and there was a mismatch. The mismatch condition reveals that the relying party's privacy policy did not meet the privacy standard--reflected in the strict privacy scheme--expected by the user for disclosures containing the first name, credit card no., and address. Nevertheless, the rule allows the user to still opt-in or opt-out of the disclosure ("Do you want to give away data?").]

16.	As per claim 6, the combination of Ahn and Backers discloses a method/system as applied to claim 1 above. Furthermore Ahn discloses the method/system wherein data protection characteristics are output and displayed to the user as a display signal. [See figure 2 and paragraph 0071, The FIG. 2 listing implements a ruleset applying the strict privacy control to the attributes of credit card, first name, and address. According to one exemplary rule indicated in the listing, when there is a policy mismatch (i.e., the result of the evaluation performed by rule evaluator 14), the rule triggers the noted behavior, namely, a prompt to the user that queries: "There was a request for your [first name] [Credit Card No] [Address] with a policy mismatch. Do you want to give away data?" The occurrence of this query indicates that the applicable rule was evaluated against the privacy policy, and there was a mismatch. The mismatch condition reveals that the relying party's privacy policy did not meet the privacy standard--reflected in the strict privacy scheme--expected by the user for disclosures containing the first name, credit card no., and address. Nevertheless, the rule allows the user to still opt-in or opt-out of the disclosure ("Do you want to give away data?").]
Conclusion

17.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A. 	US Publication No. 2005/0091101 A1 to Epling discloses systems and methods for user-tailored presentation of privacy policy data. At block 208, the trust engine 116 compares the concerns 120 with the statements 112 included in the privacy policy file 110. The comparison is a standard Boolean match procedure which attempts to match keywords or tags included in the concerns 120 file with metatags included in the policy statements 112. P3P includes metatags that are known in the art and are published on an Internet site managed by the W3C. In addition, the trust engine 116 may also be configured to search for keywords in the privacy policy statements 112 instead of, or in addition to, the metatags. [See at least paragraph 0038]
B.  	US Publication No. 2005/0210285 A1 to Williams discloses systems/method that are provided for recommending to a user whether or not to trust content for potential downloading. The recommendation module 312 further considers the input 514 of third party accreditation agencies, or a privacy policy published by the site, such as a privacy statement complying with the P3P standard. The y comparing the metadata about the content to be downloaded with information in the user profile, expert profiles and other inputs, the recommendation module computes an appropriate trust quotient 500 for the content. In an embodiment of the invention, if the trust quotient 500 is above a threshold value, the content is recommended for downloading by setting downloading as the default choice. Otherwise, the content is not recommended for downloading…[See at least paragraph 0037]
C. 	US Patent No. 10,891,393 B2 discloses a system and method for enterprise privacy information compliance (EPIC), configured to scan and interrogate a site for privacy compliance based on one or more privacy standards. The method includes identifying at least one website associated with a URL and determining whether the at least one website is compliant with one or more privacy requirements. The method also includes generating a report indicating which of the one or more privacy requirements are met and which of the one or more privacy requirements are unmet. [See at least the abstract]

D. 	US Publication No. 2014/0344948 A1 to Hayato discloses private information management apparatus, a method, and a program that allows individual users to easily set and apply their privacy rules. A private information management apparatus receives setting data from a user terminal and creates a privacy rule that defines a condition for restricting disclosure of private information and a restriction method. If undisclosed image data contains private information of a user, the private information management apparatus extracts metadata contained in this undisclosed image data, and determines whether or not the metadata satisfies the condition for restricting disclosure of the private information. If it is determined that the condition is satisfied, the private information management apparatus executes the restriction method defined by the privacy rule. 
E. 	US Publication No. 2010/0153,695 A1 to Bussard discloses whether user-side privacy preferences and service-side privacy policies are matched is determined utilizing an extended security policy assertion language. Both privacy policies, i.e. how data recipients promise to treat data, and privacy preferences, i.e. how data providers expect their data to be treated, are expressed with the same language. Decisions are made through evaluation of queries based on preference and policy assertions. 
F.  	US Publication No. 2015/0207819 A1 to Sartor discloses policy rating server device that receives a request from a client computing device for one or more privacy ratings. The request identifies at least one application, such as an application installed on the client computing device for example. A policy associated with the identified application is obtained. The obtained policy is analyzed to identify a plurality of key words or phrases associated with use by the at least one application of functionality of, or personal information stored on, the client computing device. One or more privacy ratings are generated based on numerical values assigned to each of the identified key words or phrases. The generated one or more privacy ratings are output to the client computing device in response to the request.
G.  	US Publication No. 2016/0134649 A1 to Allen FIGS. 3-9 discloses an approach that can be executed on an information handling system. The information handling system utilizes deep semantic analysis of privacy statements along with a trained set of malicious and valid documents to highlight and find new suspicious documents. In one to compute a suspicion score for the new document. In turn, the information handling system flags documents that generate a suspicion score over a suspicion threshold and highlight suspicious areas in the document accordingly. [See at least paragraph 0036]
H. See other cited prior arts.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on to 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498