Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
No foreign priority is claimed. Priority claimed to US16/153,808, filed 10/07/2018.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 03/04/2019 and 03/09/2020 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Objections
Claim  9 is objected to because of the following informalities:
For claims 9, the word “service provider” is misspelled in the second-last line.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b)

Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over various claims of application# 16/153,808, now patent# 10,263,970 B1 (referred to as ‘970 hereinafter). Claims 1, 3, 6, 7, 10, 11, 16, 17 and 20 of ‘970 patent anticipate or cover all the limitations set forth in the instant claims 1-20.
Although the conflicting claims are not identical, they are not patentably distinct from each other because the instant application claims are anticipated and covered by similar subject matter as that of generally narrower claims 1, 3, 6, 7, 10, 11, 16, 17 and 20 of ‘970 as also highlighted below.

Claim Comparison Table   
Patent#
10,263,970
Instant Application
16/291,161
1. A method of securing client-related data by a service provider, the method including the steps of: receiving a web request at a website of the service provider from a client for content provided by the service provider; obtaining a key for the client in response to the web request, wherein the key uniquely identifies the client to the service provider; collecting client-related data associated with the client from one or more service provider data stores, wherein the client-related data comprises information related to one or more visits to the website by the client; transforming a portion of the client-related data to produce obfuscated client-related data in the one or more service provider data stores; generating keyed client data comprising the key and the obfuscated client-related data; storing the keyed client data; 
receiving a third-party request for the client-related data from a third-party, the third-party request including the key; and transmitting the keyed client data to the third-party, wherein the keyed client data is obfuscated for unauthorized third parties.

6. The method of claim 1 wherein the step of obtaining the key for the client includes the steps of: determining whether the key has previously been stored for the client; and responsive to the step of determining indicating that the key has previously been stored for the client, retrieving the key; and responsive to the step of determining that the key has not been previously stored for the client, generating a new key for the client. 

10. A system to secure client-related data collected by a service provider website comprises: a key manager for transforming a client identifier of a client into a key, wherein the service provider website is configured to receive a request for content from the client, and wherein the key uniquely identifies the client to a service provider associated with the service provider website; a first storage device for storing the key; a transform unit, provided as part of the key manager, for transforming at least a portion of client-related data obtained from one or more service provider data stores to produce obfuscated client-related data, wherein the client-related data relates to one or more visits to the service provider website by the client; a secure cookie builder, provided as part of the key manager, for combining the key and the obfuscated client-related data into keyed client data; a second storage device configured to store the keyed client data; and an interface, coupled to the second storage device, to return the keyed client data in response to third party requests from a third party for the client-related data, the third party requests including the key, and wherein the keyed client data is obfuscated for unauthorized third-parties. 

11. The system according to claim 10, wherein the key manager includes a mechanism for selectively either generating the key when the client accesses the service provider website or retrieving a previously generated key from the second storage device.

16. A method of securing client-associated data collected by a service provider includes the steps of: forwarding a web request for content to a service provider's website, the web request for content including an identifier of a client issuing the web request; receiving, in response to the web request, keyed client data from the service provider, the keyed client data comprising a key uniquely associated with the identifier, and obfuscated data of the client, wherein the obfuscated data of the client is obtained by transforming a portion of a client-associated data collected from one or more service provider data stores, and wherein the client-associated data relates to one or more visits to the service provider's website by the client; storing the keyed client data at the client; and transmitting the keyed client data to a third-party requester in response to the third-party's request for the client-associated data, the third-party's request for the client-associated data comprising the key and wherein the keyed client data is obfuscated for unauthorized third parties. 
17. The method of claim 16 wherein the key comprises a unique value that identifies the client only to authorized parties.
1. A method of securing client data generated as part of a client-server relationship includes the steps of: forwarding, by a client, a web request to a web-site of a service provider, the web request including a client identifier; receiving, in response to the web request, a key from the service provider, the key comprising a unique key associated with the client and known to members of an authorized network; receiving, from the service provider, obfuscated client intelligence data, wherein the obfuscated client intelligence data comprises information related to client internet activity, and wherein the obfuscated client intelligence data is encoded using the unique key associated with the client; storing the key and obfuscated client intelligence data in a memory device of the client; and periodically transmitting the obfuscated client intelligence data to the service provider.

17. A system comprising: a client device associated with a client, comprising: a processor; a non-transitory client storage device configured to store: a unique key uniquely associated with the client and known to members of an authorized network; obfuscated client intelligence data comprising encoded information related to client internet activity; browser program code, operable when executed upon by the processor to manage service provider communications, including to manage an updating of the obfuscated client intelligence data using the unique key; and a service provider comprising: a key manager for generating the unique key for the client; a non-transitory server data store device configured to store the unique key and a copy of the obfuscated client intelligence data; and an interface, configured to forward to the obfuscated client intelligence data to a third party in response to a third-party request, the third-party request including the unique key associated with the client.


Likewise, instant independent claim 9 is also anticipated by limitations of claims 1, 10 and 16 of ‘970; other instant claims not shown in the table are covered by one or more of the indicated claims of ‘970. Further, a system claim may carry out method steps in a computing environment of the system with elements such as processor and memory. Therefore, it would be obvious to be able to carry out steps of a method, using a device or a system and executed by a processor of the system.
This is a non-provisional obviousness type double patenting rejection because the conflicting claims have been patented.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over Kapczynski et al. (US 10,277,659 B1, hereinafter Kapczynski), in view of Gorodyansky (US 2012/0023570 A1).
For claim 1, Kapczynski teaches a method of securing client data generated as part of a client-server relationship includes the steps of: forwarding, by a client, a web request to a web-site of a service provider (Fig. 1-3 – user element 110 as a client which requests an accesses to the network including content or service provider website 140n; also as disclosed in - col. 2 lines 42-67; col. 3 lines 1-11; col. 13 line 65 – col. 14 line 5 – user visits a website (140) and various categories of information are tracked), the web request including a client identifier (col. 3 lines 36-39 – cookie data comprising user ID; col. 2 lines 41-50 – user or client identification associated with the cookie data created by the receiving website; col. 4 lines 57-64; Fig. 2A; col. 7 lines 3-14 – user providing identifier associated with user; col. 10 lines 39-53 – user identity is associated with the requested object);
receiving, from the service provider, obfuscated client intelligence data, wherein the obfuscated client intelligence data comprises information related to client internet activity, and wherein the obfuscated client intelligence data is encoded using the key associated with the client; (Fig. 1; col. 4 line 57 – col. 5 line 7 – service provider website 140n stores encoded or obfuscated internet activity (or cookie) related information on the client, which needs to be decoded for a meaningful data access; col. 3 lines 15-27 – encoded or obfuscated client intelligence data or cookie data is encoded using the key associated with the client such that only those in possession of the key can decode the data).
storing obfuscated client intelligence data in a memory device of the client (col. 4 line 57 – col. 5 line 14 – client internet data that needs to be decoded for meaningful access; col. 3 lines 43-45; col. 5 lines 40-55 and lines 62-67 – the cookie data is pushed to the user device and is received and thereby stored in the user device; col. 1 lines 39-47; col. 2 lines 42-67; col. 3 lines 1-11; col. 4 lines18-25; col. 4 line 40 – col. 5 line 14 –data in form of cookie stored in the storage associated with the user); and 
periodically transmitting the obfuscated client intelligence data to the service provider (col. 4 lines 40-65; col. 5 lines 40-52; col. 11 lines 33-64  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device).
Although Kapczynski teaches a key for encoding or obfuscating client intelligence data or cookie data associated with the client and web request such that only those in possession of the key can decode the data (col. 3 lines 15-27), and although simple concept of data encryption and authorized data decryption using user-specific keys (via PKI, symmetric keys etc.) is very well-known in the art, Kapczynski does not appear to explicitly teach, however Gorodyansky teaches receiving and storing a key from the service provider, the key comprising a unique key associated with the client and known to members of an authorized network used to encode the user data (para 0042-0043, 0046 – user-specific keys used for encryption of user data which may be accessed for decryption using the user-specific keys obtained from the data store, thereby disclosing a simple concept of data encryption and decryption using specific keys associated with users). Based on Kapczynski in view of Gorodyansky, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Gorodyansky in the system of Kapczynski, in order to incorporate robust data protection mechanism and ensuring authorized data access based on controlled data encryption and decryption using authorized designated elements such as keys, thereby making the system more secure to preserve user privacy.

For claim 2, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data comprises a purchase history of the client (col. 13 lines 35-42, 47-59; col. 14 lines 57-59 – shopping history).

For claim 3, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data comprises a browsing history of the client (col. 4 line 57 – col. 5 line 14; col. 13 lines 35-42 – activity data including browsing data).

For claim 4, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the step of forwarding the web request to the service provider includes the step of forwarding a client identifier to the service provider (col. 3 lines 36-39 – cookie data comprising user ID; col. 2 lines 41-50 – user or client identification associated with the cookie data created by the receiving website; col. 4 lines 57-64; Fig. 2A; col. 7 lines 3-14 – user providing identifier associated with user; col. 10 lines 39-53 – user identity is associated with the requested object; Fig. 6A-6C – also indicate client identifier being part of cookies as communicated from or associated with the client user device).

For claim 5, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Although Kapczynski teaches a key for encoding or obfuscating client intelligence data or cookie data associated with the client and web request such that only those in possession of the key can decode the data (col. 3 lines 15-27) wherein the service provider website stores encoded or obfuscated internet activity (or cookie) related information on the client, which needs to be decoded for a meaningful data access (Fig. 1; col. 4 line 57 – col. 5 line 7; col. 11 lines 41-65), and although simple concept of data encryption and authorized data decryption using user-specific keys (via PKI, symmetric keys etc.) is very well-known in the art, Kapczynski does not appear to explicitly teach, however Gorodyansky teaches wherein the step of storing the key includes the step of storing the key in a data structure of a browser of the client (para 0041-0043, 0046 – decryption key when provided to/from the browser, gets stored in the browser-related code for further processing).

For claim 6, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data is periodically updated by the service provider in response to client internet activity (col. 4 lines 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53 – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website including updating the same; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device).

For claim 7, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches the method of claim 6 wherein the obfuscated client intelligence data is periodically updated by the service provider to capture client internet activity at the web-site of the service provider and at third-party web-sites (col. 3 lines 54-63; col. 4 lines 18-28, 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information).

For claim 8, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the step of periodically transmitting the obfuscated client intelligence data to the service provider occurs in response to a request by a third-party member of the authorized network for the obfuscated client intelligence data (col. 3 line 43 - col. 4 line 28; col. 5 line 63 – col. 6 line 30 – user interface and authorization code provided by the aggregation server system and sent to the user, and cookie provided to the user in order for the user to respond so that the content modification or access modification takes place, wherein the cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information).

For claim 9, Kapczynski teaches client device comprising: a processor; a non-transitory storage device (Fig. 1, 2A, 3; col. 8) configured to store: obfuscated client intelligence data comprising encoded information related to client internet activity (Fig. 1; col. 4 line 57 – col. 5 line 14 – service provider website 140n stores encoded or obfuscated internet activity (or cookie) related information on the client, which needs to be decoded for a meaningful data access; col. 3 lines 15-27, 43-45; col. 5 lines 40-55 and lines 62-67 – encoded or obfuscated client intelligence data or cookie data is encoded using the key associated with the client such that only those in possession of the key can decode the data, wherein the encoded cookie data is pushed to the user device and is received and thereby stored in the user device; col. 1 lines 39-47; col. 2 lines 42-67; col. 3 lines 1-11; col. 4 lines18-25; col. 4 line 40 – col. 5 line 14 –data in form of cookie stored in the storage associated with the user); and browser program code, operable when executed upon by the processor to manage communications with a coupled service provider, including to manage an updating of the obfuscated client intelligence data using the key (col. 4 lines 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53 – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website including updating the same; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device).
Although Kapczynski teaches a key for encoding or obfuscating client intelligence data or cookie data associated with the client and web request such that only those in possession of the key can decode the data (col. 3 lines 15-27), and although simple concept of data encryption and authorized data decryption using user-specific keys (via PKI, symmetric keys etc.) is very well-known in the art, Kapczynski does not appear to explicitly teach, however Gorodyansky teaches receiving and storing a key uniquely associated with a client associated with the client device and known to members of an authorized network (para 0042-0043, 0046 – user-specific keys used for encryption of user data which may be accessed for decryption using the user-specific keys obtained from the data store, thereby disclosing a simple concept of data encryption and decryption using specific keys associated with users). Based on Kapczynski in view of Gorodyansky, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Gorodyansky in the system of Kapczynski, in order to incorporate robust data protection mechanism and ensuring authorized data access based on controlled data encryption and decryption using authorized designated elements such as keys, thereby making the system more secure to preserve user privacy.

For claim 10, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the browser program code is further configured to: forward, by the client, a web request to a web-site of a service provider (Fig. 1-3 – user element 110 as a client which requests an accesses to the network including content or service provider website 140n; also as disclosed in - col. 2 lines 42-67; col. 3 lines 1-11; col. 13 line 65 – col. 14 line 5 – user visits a website (140) and various categories of information are tracked), the web request including a client identifier (col. 3 lines 36-39 – cookie data comprising user ID; col. 2 lines 41-50 – user or client identification associated with the cookie data created by the receiving website; col. 4 lines 57-64; Fig. 2A; col. 7 lines 3-14 – user providing identifier associated with user; col. 10 lines 39-53 – user identity is associated with the requested object);
receive, from the service provider, the obfuscated client intelligence data, wherein the obfuscated client intelligence data comprises information related to client internet activity, and wherein the obfuscated client intelligence data is encoded using the key (Fig. 1; col. 4 line 57 – col. 5 line 7 – service provider website 140n stores encoded or obfuscated internet activity (or cookie) related information on the client, which needs to be decoded for a meaningful data access; col. 3 lines 15-27 – encoded or obfuscated client intelligence data or cookie data is encoded using the key associated with the client such that only those in possession of the key can decode the data); and 
periodically transmit the obfuscated client intelligence data to the service provider (col. 4 lines 40-65; col. 5 lines 40-52; col. 11 lines 33-64  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device).
Although Kapczynski teaches a key for encoding or obfuscating client intelligence data or cookie data associated with the client and web request such that only those in possession of the key can decode the data (col. 3 lines 15-27), and although simple concept of data encryption and authorized data decryption using user-specific keys (via PKI, symmetric keys etc.) is very well-known in the art, Kapczynski does not appear to explicitly teach, however Gorodyansky teaches receiving and storing a key from the service provider (para 0042-0043, 0046 – user-specific keys used for encryption of user data which may be accessed for decryption using the user-specific keys obtained from the data store, thereby disclosing a simple concept of data encryption and decryption using specific keys associated with users).

For claim 11, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data comprises a purchase history of the client (col. 13 lines 35-42, 47-59; col. 14 lines 57-59 – shopping history).

For claim 12, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data comprises a browsing history of the client (col. 4 line 57 – col. 5 line 14; col. 13 lines 35-42 – activity data including browsing data).

For claim 13, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the web request comprises at least one of a client identifier and the key (col. 3 lines 36-39 – cookie data comprising user ID; col. 2 lines 41-50 – user or client identification associated with the cookie data created by the receiving website; col. 4 lines 57-64; Fig. 2A; col. 7 lines 3-14 – user providing identifier associated with user; col. 10 lines 39-53 – user identity is associated with the requested object; Fig. 6A-6C – also indicate client identifier being part of cookies as communicated from or associated with the client user device).

For claim 14, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data is periodically updated by the service provider in response to client internet activity (col. 4 lines 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53 – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website including updating the same; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device).

For claim 15, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches the method of claim 6 wherein the obfuscated client intelligence data is periodically updated by the service provider to capture client internet activity at the web-site of the service provider and at third-party web-sites (col. 3 lines 54-63; col. 4 lines 18-28, 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information).

For claim 16, Kapczynski in view of Gorodyansky teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the step of periodically transmitting the obfuscated client intelligence data to the service provider for updating occurs in response to a request by a third-party member of the authorized network for the obfuscated client intelligence data (col. 3 line 43 - col. 4 line 28; col. 5 line 63 – col. 6 line 30 – user interface and authorization code provided by the aggregation server system and sent to the user, and cookie provided to the user in order for the user to respond so that the content modification or access modification takes place, wherein the cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information).


Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kapczynski et al. (US 10,277,659 B1, hereinafter Kapczynski), in view of Gorodyansky (US 2012/0023570 A1), and further in view of Gurevich et al. (US 2002/0178370 A1, Gurevich hereinafter).
For claim 17, Kapczynski teaches a client device associated with a client, comprising: a processor; a non-transitory client storage device (Fig. 1, 2A, 3; col. 8) configured to store: obfuscated client intelligence data comprising encoded information related to client internet activity (Fig. 1; col. 4 line 57 – col. 5 line 14 – service provider website 140n stores encoded or obfuscated internet activity (or cookie) related information on the client, which needs to be decoded for a meaningful data access; col. 3 lines 15-27, 43-45; col. 5 lines 40-55 and lines 62-67 – encoded or obfuscated client intelligence data or cookie data is encoded using the key associated with the client such that only those in possession of the key can decode the data, wherein the encoded cookie data is pushed to the user device and is received and thereby stored in the user device; col. 1 lines 39-47; col. 2 lines 42-67; col. 3 lines 1-11; col. 4 lines18-25; col. 4 line 40 – col. 5 line 14 –data in form of cookie stored in the storage associated with the user); and browser program code, operable when executed upon by the processor to manage service provider communications, including to manage an updating of the obfuscated client intelligence data using the key (col. 4 lines 40-65; col. 5 lines 40-52; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53 – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to the website including updating the same; Fig. 2A-2C and corresponding sections (col. 6, 7) in the specification that describe transmitting cookie data or link to the same from the user device); and 
a service provider comprising: a non-transitory server data store device configured to store the key and a copy of the obfuscated client intelligence data (col. 4 line 57 – col. 5 line 14 – client internet data that needs to be decoded for meaningful access; col. 3 lines 43-45; col. 5 lines 40-55 and lines 62-67 – the cookie data is pushed to the user device and is received and thereby stored in the user device; col. 1 lines 39-47; col. 2 lines 42-67; col. 3 lines 1-11; col. 4 lines18-25; col. 4 line 40 – col. 5 line 14 – data in form of cookie stored in the storage associated with the user); and an interface, configured to forward to the obfuscated client intelligence data to a third party in response to a third-party request, the third-party request including the key associated with the client (col. 3 line 43 - col. 4 line 28; col. 4 lines 40-52; col. 5 line 63 – col. 6 line 10 – user interface provided by the aggregation server system and sent to the user, and cookie pushed to the user (or pulled by the user) in order for the user to respond so that the content modification or access modification takes place; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information).
Although Kapczynski teaches a key for encoding or obfuscating client intelligence data or cookie data associated with the client and web request such that only those in possession of the key can decode the data (col. 3 lines 15-27), and although simple concept of data encryption and authorized data decryption using user-specific keys (via PKI, symmetric keys etc.) is very well-known in the art, Kapczynski does not appear to explicitly teach, however Gorodyansky teaches a key uniquely associated with a client associated with the client device and known to members of an authorized network (para 0042-0043, 0046 – user-specific keys used for encryption of user data which may be accessed for decryption using the user-specific keys obtained from the data store, thereby disclosing a simple concept of data encryption and decryption using specific keys associated with users). Further, although Kapczynski in view of Gorodyansky teaches key and user-specific key usage for data privacy as discussed above, the combination does not appear to explicitly teach, however Gurevich teaches a key manager for generating the unique key for the client (para 0018, 0032, 0042, 0058, 0067-0068 – unique encryption key generation for encryption and decryption of sensitive data of the user).
 Based on Kapczynski in view of Gorodyansky and Gurevich, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Gurevich in the system of Kapczynski and Gorodyansky, in order to incorporate robust data protection mechanism and ensuring authorized data access based on controlled data encryption and decryption using authorized designated elements such as uniquely generated keys, thereby making the system more secure to preserve user privacy.

For claim 18, Kapczynski in view of Gorodyansky and Gurevich teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the obfuscated client intelligence data includes client information related to at least one of a purchase history and an internet browsing history of the client (col. 4 line 57 – col. 5 line 14; col. 13 lines 35-42 – activity data including browsing data).

For claim 19, Kapczynski in view of Gorodyansky and Gurevich teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the interface of the service provider is further configured to forward the unique key associated with the client to the third party if the third party is a member of the authorized network permitted to access obfuscated client intelligence data (col. 3 line 43 - col. 4 line 28; col. 5 line 63 – col. 6 line 30 – user interface and authorization code provided by the aggregation server system and sent to the user, and cookie provided to the user in order for the user to respond so that the content modification or access modification takes place, wherein the cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement and authorization, including updating the cookie information).

For claim 20, Kapczynski in view of Gorodyansky and Gurevich teaches the claimed subject matter as discussed above. Kapczynski further teaches wherein the key manager further comprises: a transform unit for transforming at least a portion of the client information obtained from the service provider and coupled third-parties to produce the obfuscated client intelligence data; and wherein the interface is further configured to forward the obfuscated client intelligence data to the client and to the authorized network (col. 3 line 43 - col. 4 line 28; col. 4 lines 40-52; col. 5 line 63 – col. 6 line 10 – user interface provided by the aggregation server system and sent to the user, and cookie pushed to the user (or pulled by the user) in order for the user to respond so that the content modification or access modification takes place; col. 9 lines 41-50; col. 11 lines 33-64; col. 12 lines 40-53  – cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement, including updating the cookie information; and wherein the user interface and authorization code provided by the aggregation server system and sent to the user, and cookie provided to the user in order for the user to respond so that the content modification or access modification takes place, wherein the cookie data generated by a website, and provided to the user system which stores locally and/or provides to cookie aggregation system which then transmits the obfuscated or encoded internet activity or cookie data to various websites (third-party) upon request or based on predetermined arrangement and authorization, including updating the cookie information).

    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433