DETAILED ACTION
This communication is in response to Applicant’s amendment filed on February 03, 2021. Claims 8 and 16-20 have been amended. Claims 1-20 are pending and are directed towards system and method for PRIVACY SAFE ATTRIBUTION DATA HUB. Examiner acknowledges Applicant’s amendment to the specification, drawings and claims, and therefore withdraws the previous office action’s objections to the specification, drawings and the claims, and withdraw the previous 35 USC § 112(b) and the 35 USC § 101 rejections. However, the rejection under 35 USC § 103 is maintained. The rejection is stated below.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hegeman et al. U.S. Patent Pub. No. 2011/0106630 A1 (hereinafter Hegeman) in view of Pattan et al. U.S. Patent Pub. No. 2015/0379574 A1 (hereinafter “Pattan”) and further in view of Shah et al. U.S. Patent Pub. No. 2015/0235258 A1 (hereinafter Shah).

As per claim 1, Hegeman teaches a method, comprising: 
receiving at a first processor, an ad data set that includes encrypted ad identifiers for a plurality of advertising events, and that further includes ad information that pertains to each advertising event (The advertisement selector 230 receives 402 information associated with advertisements from the advertisement database 220. The information received at the advertisement selector 230 may include, for example, indexes of advertisements [ad identifier], expected revenue values associated with the advertisements, user feedback responses [advertising events] previously collected for the advertisements and statistical data associated with the advertisements [ad information]. Hegeman, Para [0079]); 
(The advertisement selector 230 computes 410 the modifiers representing the user's expected interest in the advertisements. In one embodiment, a modifier of an advertisement is computed by (i) obtaining a first value by multiplying a coefficient to the number of positive user feedback responses related to the advertisement, (ii) obtaining a second value by multiplying another coefficient to the number of negative user feedback responses related to the advertisement, and (iii) deducting the second value from the first value. A higher modifier represents a higher value of the advertisement to the users. Hegeman, para [0081]); 
calculating at the first processor an advertising recommendation, based on the aggregated attribution credit value for each advertisement (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]); and 
sending the calculated advertising recommendation to an advertising entity (The advertisers 104 send advertisements 106 and information related to the advertisements to the advertiser communication module 210 via a network. Hegeman, para [0038]) (the advertisement selector 230 selects the advertisements to be sent to the users 110, and sends the advertisements to the users 110 via the user communication module. Hegeman, para [0043]).
Hegeman does not explicitly teach encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment
However, Pattan teaches encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment (client ad manager 132 sends an ad ID, a present location of the user, and encrypted identification information to annotation server 154. The encrypted identification information may be a limited ID cookie, a non-limited identification cookie, or an encrypted identifier. The ad ID is the unique identifier for the ad that the user has clicked on. Pattan, para [0106]) (annotation server 154 decrypts the encrypted identification information to obtain a user ID. In an embodiment, annotation server 154 may decrypt a limited ID cookie, a non-limited identification cookie, or some other encrypted identifier to obtain the user ID. Annotation server 154 sends the encrypted identification information to authentication validator 142 to decrypt the encrypted identification information, in order to obtain the user ID. Pattan, para [0107]); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman to have  encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment. One would be motivated to do so, to enhance the security and the privacy of the system.
Hegeman teaches calculating attribution credit value for each advertising event. But, does not explicitly teach aggregating the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment. 
However, Shah teaches aggregating the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment (FIG. 4C is a table 470 that illustrates a data aggregation process that includes setting up references to related devices for facilitating a traversal process … each device is also associated with its related devices in column 458, as well as a unique aggregation identifier in column 460 [activity data is aggregated with profile data and device/user information]. Shah, para [0048] and Figure 4C).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman to aggregating the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment. One would be motivated to do so, for identifying, targeting, and analyzing users and associated user data when presenting an advertisement as part of an advertising campaign. (Shah, para [0004]).

As per claim 2, Hegeman, Pattan and shah teach the method of claim 1, wherein the ad data set is received from an ad publisher (receive a plurality of advertisements 106 and related information from one or more advertisers. Hegeman, Para [0030]).

As per claim 3, Hegeman, Pattan and shah teach the method of claim 1, wherein the ad information that pertains to each advertising event includes at least one of a type of the advertising event, an ID for a user who viewed the advertisement, the date and time of the event, an ID for the advertisement itself, an ID for targets for the advertisement, and a campaign type (The advertisers 104 may also provide information associated with advertisements such as the characteristics of the products or services being advertised, the profile of targeted users, the advertisement fees (i.e., expected revenue values) that the advertisers are willing to pay, and the total cap amount of advertisement fee for a certain duration (e.g., daily and monthly). Hegeman Para [0031]).

As per claim 4, Hegeman teaches the method of claim 3, wherein the campaign type includes at least one of a branding campaign, a non-branding campaign, a display campaign, a map campaign, and a mobile campaign (the advertisement displayed in the user interface 386 may be included in the content item received from the online service computing device 108. In this embodiment, the media player extracts the advertisement from the content item and displays the advertisement in the area 394. Hegeman, para [0077]).

As per claim 5, Hegeman, Pattan and shah teach the method of claim 1, wherein the plurality of advertising events includes at least one of a user click on an advertisement, and a user view of an advertisement (actions taken by the users after the advertisements are displayed on the screen. The actions taken into account for the CPA-based pricing structure may include, among others, the following: (i) clicking on the advertisement. Hegeman, para [0003]).

As per claim 6, Hegeman, Pattan and shah teach the method of claim 1, wherein the plurality of advertising events pertains to a product purchased by a user (actions taken by the users after the advertisements are displayed on the screen. The actions taken into account for the CPA-based pricing structure may include, among others, the following: (i) clicking on the advertisement, (ii) registration to the advertiser's service or product and (iii) conclusion of a sale of a service or product. Hegeman, para [0003]).

claim 7, Hegeman, Pattan and shah teach the method of claim 1, wherein the advertising recommendation includes at least one of: when to serve an ad, which ad to serve, how prominently to display an ad, where to display an ad, and to which users to display an ad (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]).

As per claim 8, Hegeman teaches a method, comprising: 
receiving at a first processor, an ad data set that includes encrypted ad identifiers for a plurality of advertising events, and that further includes ad information that pertains to each advertising event (The advertisement selector 230 receives 402 information associated with advertisements from the advertisement database 220. The information received at the advertisement selector 230 may include, for example, indexes of advertisements [ad identifier], expected revenue values associated with the advertisements, user feedback responses [advertising events] previously collected for the advertisements and statistical data associated with the advertisements [ad information]. Hegeman, Para [0079]); 
creating, at the first processor and in the trusted execution environment, an attribution data set for at least a subset of the encrypted ad identifiers, the attribution data set based on at least a subset of the ad information that pertains to each advertising event (The advertisement selector 230 computes 410 the modifiers representing the user's expected interest in the advertisements. In one embodiment, a modifier of an advertisement is computed by (i) obtaining a first value by multiplying a coefficient to the number of positive user feedback responses related to the advertisement, (ii) obtaining a second value by multiplying another coefficient to the number of negative user feedback responses related to the advertisement, and (iii) deducting the second value from the first value. A higher modifier represents a higher value of the advertisement to the users. Hegeman, para [0081]); 
sending the attribution data set to an advertising entity (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. Hegeman, para [0083]);
calculating an advertising recommendation based on the aggregated attribution credit value for each ad identifier (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]); and 
sending the calculated advertising recommendation to an advertising publisher (The advertisers 104 send advertisements 106 and information related to the advertisements to the advertiser communication module 210 via a network. Hegeman, para [0038]) (the advertisement selector 230 selects the advertisements to be sent to the users 110, and sends the advertisements to the users 110 via the user communication module. Hegeman, para [0043]).
Hegeman does not explicitly teach encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment
However, Pattan teaches encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment (client ad manager 132 sends an ad ID, a present location of the user, and encrypted identification information to annotation server 154. The encrypted identification information may be a limited ID cookie, a non-limited identification cookie, or an encrypted identifier. The ad ID is the unique identifier for the ad that the user has clicked on. Pattan, para [0106]) (annotation server 154 decrypts the encrypted identification information to obtain a user ID. In an embodiment, annotation server 154 may decrypt a limited ID cookie, a non-limited identification cookie, or some other encrypted identifier to obtain the user ID. Annotation server 154 sends the encrypted identification information to authentication validator 142 to decrypt the encrypted identification information, in order to obtain the user ID. Pattan, para [0107]) (ads server 118 sends encrypted identification information to authentication validator 142 and receives a user ID. In some embodiments, ads server 118 sends the limited ID cookie or the non-limited identification cookie to the authentication validator 142. In some embodiments, authentication validator 142 is the only module with the capability to decrypt the encrypted identification information and extract the user ID. This adds a level of protection to the security of the encrypted identification information. Pattan, para [0130]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman to have  encrypted ad identifier and decrypting the encrypted ad identifiers in a trusted execution environment. One would be motivated to do so, to enhance the security and the privacy of the system.
Hegeman teaches calculating attribution credit value for each advertising event. But, does not explicitly teach receiving at the first processor, from the advertising entity, an aggregated data set that includes an aggregated attribution credit value for each ad identifier, the aggregated data set based on the attribution data set sent to the advertising entity. 
However, Shah teaches receiving at the first processor, from the advertising entity, an aggregated data set that includes an aggregated attribution credit value for each ad identifier, the  (FIG. 4C is a table 470 that illustrates a data aggregation process that includes setting up references to related devices for facilitating a traversal process … each device is also associated with its related devices in column 458, as well as a unique aggregation identifier in column 460 [activity data is aggregated with profile data and device/user information]. Shah, para [0048] and Figure 4C).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman to receiving at the first processor, from the advertising entity, an aggregated data set that includes an aggregated attribution credit value for each ad identifier, the aggregated data set based on the attribution data set sent to the advertising entity. One would be motivated to do so, for identifying, targeting, and analyzing users and associated user data when presenting an advertisement as part of an advertising campaign. (Shah, para [0004]).

As per claim 9, Hegeman, Pattan and shah teach the method of claim 8. Hegeman does not explicitly teach wherein the received aggregated data set is readable by the first processor.
However, Shah teaches wherein the received aggregated data set is readable by the first processor (After user data is distributed across related devices or setup for data traversal, the aggregated profile user data may be utilized for various purposes. For example, a campaign may be set up and executed based on aggregated profiles and their related devices. More particularly, particular audience segments may be targeted across devices or a sequence of devices. Various combinations or aspects of the aggregated user profile data may also be analyzed and reported to determine how to optimize advertisement campaigns. Other uses of aggregated profiles and device graphs may also include marketing engagement for particular aggregated profiles across devices. Shah, para [0052]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman so that the received aggregated data set is readable by the first processor. One would be motivated to do so, for the flexibility of accessing and analyzing the aggregated dataset. 

As per claim 10, Hegeman, Pattan and shah teach the method of claim 8, wherein the ad data set is received from an ad publisher (receive a plurality of advertisements 106 and related information from one or more advertisers. Hegeman, Para [0030]).

As per claim 11, Hegeman, Pattan and shah teach the method of claim 8, wherein the ad information that pertains to each advertising event includes at least one of: an ID for a user who viewed the advertisement, an approximate time of an advertising event, content of the advertisement, a targeting for the advertisement, and a campaign type for the advertisement (The advertisers 104 may also provide information associated with advertisements such as the characteristics of the products or services being advertised, the profile of targeted users, the advertisement fees (i.e., expected revenue values) that the advertisers are willing to pay, and the total cap amount of advertisement fee for a certain duration (e.g., daily and monthly). Hegeman Para [0031]).

As per claim 12, Hegeman teaches the method of claim 11, wherein the campaign type includes at least one of a branding campaign, a non-branding campaign, a display campaign, a (the advertisement displayed in the user interface 386 may be included in the content item received from the online service computing device 108. In this embodiment, the media player extracts the advertisement from the content item and displays the advertisement in the area 394. Hegeman, para [0077]).

As per claim 13, Hegeman, Pattan and shah teach the method of claim 8, wherein the plurality of advertising events includes at least one of a user click on an advertisement and a user view of an advertisement (actions taken by the users after the advertisements are displayed on the screen. The actions taken into account for the CPA-based pricing structure may include, among others, the following: (i) clicking on the advertisement. Hegeman, para [0003]).

As per claim 14, Hegeman, Pattan and shah teach the method of claim 8, wherein the plurality of advertising events pertains to a product purchased by a user (actions taken by the users after the advertisements are displayed on the screen. The actions taken into account for the CPA-based pricing structure may include, among others, the following: (i) clicking on the advertisement, (ii) registration to the advertiser's service or product and (iii) conclusion of a sale of a service or product. Hegeman, para [0003]).

As per claim 15, Hegeman, Pattan and shah teach the method of claim 8, wherein the advertising recommendation includes at least one of when to serve an ad, which ad to serve, and which ad to discard (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]).

As per claim 16, Hegeman teaches a non-transitory computer-readable medium storing program code, the program code configured to, when executed: 
receive at a first processor, an ad data set that includes encrypted ad identifiers for a plurality of advertising events, and that further includes ad information that pertains to each advertising event (The advertisement selector 230 receives 402 information associated with advertisements from the advertisement database 220. The information received at the advertisement selector 230 may include, for example, indexes of advertisements [ad identifier], expected revenue values associated with the advertisements, user feedback responses [advertising events] previously collected for the advertisements and statistical data associated with the advertisements [ad information]. Hegeman, Para [0079]); 
apply to each advertising event in the plurality of advertising events, an attribution credit based on an attribution model, creating an attribution data set in a trusted execution environment (The advertisement selector 230 computes 410 the modifiers representing the user's expected interest in the advertisements. In one embodiment, a modifier of an advertisement is computed by (i) obtaining a first value by multiplying a coefficient to the number of positive user feedback responses related to the advertisement, (ii) obtaining a second value by multiplying another coefficient to the number of negative user feedback responses related to the advertisement, and (iii) deducting the second value from the first value. A higher modifier represents a higher value of the advertisement to the users. Hegeman, para [0081]); 
(The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]); and 
send the calculated advertising recommendation to an advertising entity (The advertisers 104 send advertisements 106 and information related to the advertisements to the advertiser communication module 210 via a network. Hegeman, para [0038]) (the advertisement selector 230 selects the advertisements to be sent to the users 110, and sends the advertisements to the users 110 via the user communication module. Hegeman, para [0043]).
Hegeman does not explicitly teach encrypted ad identifier and decrypt the encrypted ad identifiers in a trusted execution environment.
However, Pattan teaches encrypted ad identifier and decrypt the encrypted ad identifiers in a trusted execution environment (client ad manager 132 sends an ad ID, a present location of the user, and encrypted identification information to annotation server 154. The encrypted identification information may be a limited ID cookie, a non-limited identification cookie, or an encrypted identifier. The ad ID is the unique identifier for the ad that the user has clicked on. Pattan, para [0106]) (annotation server 154 decrypts the encrypted identification information to obtain a user ID. In an embodiment, annotation server 154 may decrypt a limited ID cookie, a non-limited identification cookie, or some other encrypted identifier to obtain the user ID. Annotation server 154 sends the encrypted identification information to authentication validator 142 to decrypt the encrypted identification information, in order to obtain the user ID. Pattan, para [0107]); 

Hegeman teaches calculating attribution credit value for each advertising event. But, does not explicitly teach aggregate the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment. 
However, Shah teaches aggregate the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment (FIG. 4C is a table 470 that illustrates a data aggregation process that includes setting up references to related devices for facilitating a traversal process … each device is also associated with its related devices in column 458, as well as a unique aggregation identifier in column 460 [activity data is aggregated with profile data and device/user information]. Shah, para [0048] and Figure 4C) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hegeman to aggregating the data in the attribution data set according to each advertising event in the plurality of advertising events, creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment. One would be motivated to  (Shah, para [0004]).

As per claim 17, Hegeman, Pattan and shah teach the non-transitory computer-readable medium of claim 16, wherein the ad information that pertains to each advertising event includes at least one of a type of advertisement, an ID for a user who viewed the advertisement, the advertisement itself, a target demographic for the advertisement, and a campaign type (The advertisers 104 may also provide information associated with advertisements such as the characteristics of the products or services being advertised, the profile of targeted users, the advertisement fees (i.e., expected revenue values) that the advertisers are willing to pay, and the total cap amount of advertisement fee for a certain duration (e.g., daily and monthly). Hegeman Para [0031]).

As per claim 18, Hegeman teaches the non-transitory computer-readable medium of claim 17, wherein the campaign type includes at least one of a branding campaign, a non-branding campaign, a display campaign, a map campaign, and a mobile campaign (the advertisement displayed in the user interface 386 may be included in the content item received from the online service computing device 108. In this embodiment, the media player extracts the advertisement from the content item and displays the advertisement in the area 394. Hegeman, para [0077]).

As per claim 19, Hegeman, Pattan and shah teach the non-transitory computer-readable medium of claim 16, wherein the plurality of advertising events includes at least one of a user (actions taken by the users after the advertisements are displayed on the screen. The actions taken into account for the CPA-based pricing structure may include, among others, the following: (i) clicking on the advertisement. Hegeman, para [0003]).

As per claim 20, Hegeman, Pattan and shah teach the non-transitory computer-readable medium of claim 16, wherein the advertising recommendation includes at least one of when to serve an ad, which ad to serve, and which ad to discard (The advertisement selector 230 selects and prioritizes 418 the advertisements for presentation to the users 110 based on the total values of the advertisements. In one embodiment, the advertisement selector 230 selects one or more advertisements with higher total values. Hegeman, para [0083]).

Response to Arguments
Applicant's arguments with respect to 35 U.S.C. § 103 rejection have been fully considered but they are not persuasive.

Applicant’s argues regarding independent claim 1 which recites “applying to each advertising event in the plurality of advertising events, an attribution credit based on an attribution model, creating an attribution data set in a trusted execution environment” and “creating an aggregated data set that includes an aggregated attribution credit value for each advertisement in the trusted execution environment” that none of the cited references alone or combined disclose or suggest the cited limitation. Independent claim 8 recites similar features.

In Response:
Examiner respectfully disagrees with Applicant’s assertion. The specification clarifies the purpose of using a trusted execution environment which is to protect data from being viewed by any code, system, or person outside the TEE (A processor according to some embodiments includes a trusted execution environment, also known as a TEE or enclave. A TEE protects data inside the TEE from being viewed by any code, or system, or person, outside the TEE. Spec, para [0028]).
The secondary reference Pattan teaches that the authentication validator is a trusted execution environment to protect the protected identification information (ads server 118 sends encrypted identification information to authentication validator 142 and receives a user ID. In some embodiments, ads server 118 sends the limited ID cookie or the non-limited identification cookie to the authentication validator 142. In some embodiments, authentication validator 142 is the only module with the capability to decrypt the encrypted identification information and extract the user ID. This adds a level of protection to the security of the encrypted identification information. Pattan, para [0130]). Therefore, the authentication validator perform the same function of the trusted execution environment.
Also, the secondary reference Shah teaches a method to protect user profile data, which perform the same function of the trusted execution environment (The user profile of user u may include any characteristics that were, are, or can be associated with the particular user u. To protect a user's privacy, user profile data may be stored with an anonymized type of user identifier, such as an arbitrary or randomized identity, rather than the user's actual name, specific residency, or any other type of user identifying information. Examples of user profile data for the particular anonymized user u may include descriptive data, such as personal or professional interests, employment status, home ownership, knowledge of languages, age, education level, gender, race and/or ethnicity, income, marital status, religion, size of family, field of expertise, residential location (country, state, DMA, etc.), travel location, or predictive data, such as likelihood to consume content or perform an activity, such as clicking on an ad, visiting a page or purchasing a product or service. Shah, para [0071]).

Applicant’s argues regarding independent claim 1 which recites “decrypting the encrypted ad identifiers in a trusted execution environment” that none of the cited references alone or combined disclose or suggest the cited limitations. Independent claims 8 and 16 recite similar feature. 
 
In Response:
Examiner respectfully disagrees with Applicant’s assertion. The specification clarifies the purpose of using a trusted execution environment which is to protect data from being viewed by any code, system, or person outside the TEE (A processor according to some embodiments includes a trusted execution environment, also known as a TEE or enclave. A TEE protects data inside the TEE from being viewed by any code, or system, or person, outside the TEE. Spec, para [0028]).
The secondary reference Pattan teaches the limitation decrypting the encrypted ad identifiers in a trusted execution environment (client ad manager 132 sends an ad ID, a present location of the user, and encrypted identification information to annotation server 154. The encrypted identification information may be a limited ID cookie, a non-limited identification cookie, or an encrypted identifier. The ad ID is the unique identifier for the ad that the user has clicked on. Pattan, para [0106]) (annotation server 154 decrypts the encrypted identification information to obtain a user ID. In an embodiment, annotation server 154 may decrypt a limited ID cookie, a non-limited identification cookie, or some other encrypted identifier to obtain the user ID. Annotation server 154 sends the encrypted identification information to authentication validator 142 to decrypt the encrypted identification information, in order to obtain the user ID. Pattan, para [0107]). 
Pattan teaches that the authentication validator is a trusted execution environment to protect the protected identification information (ads server 118 sends encrypted identification information to authentication validator 142 and receives a user ID. In some embodiments, ads server 118 sends the limited ID cookie or the non-limited identification cookie to the authentication validator 142. In some embodiments, authentication validator 142 is the only module with the capability to decrypt the encrypted identification information and extract the user ID. This adds a level of protection to the security of the encrypted identification information. Pattan, para [0130]). Therefore, the authentication validator perform the same function of the trusted execution environment. 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179.  The examiner can normally be reached on Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 




Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492