DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is a response to an application filed 09/06/2018, wherein Claims 1-20 are pending and ready for examination.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims, the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, found at http:/www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Information Disclosure Statement
No Information Disclosure Statements (IDS) has been submitted with the instant application.

Priority
The instant application, filed 09/06/2018, does not claim priority.

Drawings
The submitted drawings, filed 09/06/2018, are acceptable for the examination purpose.

Response to Arguments
In response to the pending objection to the disclosure, Applicant amended the specification to correct the informality. Accordingly, the objection is withdrawn.
In response to the pending objections to Claims 1, 12, and 14, Applicant amended the claims to address the Examiner’s concerns. Accordingly, the objections are withdrawn.
In response to the pending rejections under 35 U.S.C. 103, Applicant amended Claims 1, 12, and 14. Since the newly amended Claims changed the scope and necessitated new grounds of rejection, Applicant’s arguments are moot in view of the newly applied references.
The Examiner has introduced a new ground of rejection under 35 USC § 101 as being directed to an abstract idea. The new ground of rejection is neither necessitated by Applicant’s amendment of the claims, nor based on information submitted in an information disclosure statement. Accordingly this action is made as non-final.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 
Independent Claim 1 of the instant application asserts to be directed to at least one statutory category (a process or method), and its underlying elements include: a “method of providing privacy disclosure to a user, the method comprising: (i) receiving user privacy information related to an application or service handling of user privacy, (ii) populating a formatted declaration based on the user privacy information to form a populated formatted declaration, and (iii) providing privacy disclosure to the user based on the populated formatted declaration.”
These limitations are directed to an abstract idea because they recite an abstract idea. Particularly each of the aforementioned limitations are directed to an abstract idea itself, infringeable mentally or through basic human interaction, and are thus categorized as a mental process and/or certain methods of organizing human activity. For example, step (i) is infringed on by an officer reading a paper containing a company’s privacy policy (mental process), step (ii) is infringed by the officer formulating a sentence to speak describing the important aspects of the privacy policy (mental process), and step (iii) is infringed by the officer speaking the formulated sentence to the customer (fundamental human interaction). Thus, the claim recites an abstract idea, as a whole. 
While the claim recites the additional element “computer device implemented method”, the additional element fails to integrate the abstract idea into a practical application because the additional element fails to provide any improvement to a technology, and merely generally links the abstract idea to a particular environment (see, for example, buySAFE Inc. v. Google, Inc., 765 F.3d 1350, 1354, 112 USPQ2d 1093, 1095-96 (Fed. Cir. 2014); FairWarning v. Iatric Sys., 839 F.3d 1089, 1094-95, 120 USPQ2d 1293, 1295 (Fed. Cir. 2016)) and are mere instructions to apply the judicial exception.
Therefore, Claim 1 does not recite patent-eligible subject matter under 35 U.S.C. 101 as the claim is directed to an abstract idea without significantly more than the judicial exception.
Claims 2-11 depend on the method of Claim 1, and as a result the rejection thereof is incorporated. Therefore, Claims 2-11 do not recite patent-eligible subject matter under 35 U.S.C. § 101.
Claim 12 is directed to at least one statutory category (article of manufacture or device). However, said Claim recites the same mental process as identified with regard to Claim 1. Thus, the instant claim under consideration is also directed to an abstract idea without significantly more than the judicial exception.
For the same reasons set forth above for Claim 1, and taking all the additional claim elements individually and in combination, the instant Claim as a whole does not amount to significantly more than attempting to broadly cover the concept of using machine learning to implement an analysis of what a human security analyst would have performed in the mind. 
Therefore, the Claim under consideration does not recite patent-eligible subject matter under 35 U.S.C. § 101.
Claim 13 depends on Claim 12, and as a result the rejection thereof is incorporated. Therefore, Claim 13 does not recite patent-eligible subject matter under 35 U.S.C. § 101.
Claim 14 alleges to be directed to at least one statutory category (machine or computer system). However, said Claim recites the same mental process as identified with regard to Claim 1. Thus, the instant claim under consideration is also directed to an abstract idea without significantly more than the judicial exception.
For the same reasons set forth above for Claim 1, and taking all the additional claim elements individually and in combination, the instant Claim as a whole does not amount to significantly more than attempting to broadly cover the concept of using machine learning to implement an analysis of what a human security analyst would have performed in the mind. 
Therefore, the Claim under consideration does not recite patent-eligible subject matter under 35 U.S.C. § 101.
Claims 15-20 depend on Claim 14, and as a result the rejection thereof is incorporated. Therefore, Claims 15-20 do not recite patent-eligible subject matter under 35 U.S.C. § 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Examiner’s note: text in bold correspond to the cited prior art reference, ad verbatim. Comments in brackets { } include the Examiner’s mapping of the claimed feature to the cited reference, and observations thereof. 
Claims 1, 12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann).
Referring to independent Claims 1, 12 and 14
Regarding Claim 1, Epling teaches a computer device implemented method of providing privacy disclosure to a user, the method comprising:
receiving user privacy information related to an application or service handling of user privacy (Epling discloses a privacy policy that deals with personal information {i.e. privacy information} that is stored on a machine-readable medium. [¶ 10]. Personal data includes, but is not limited to, personal private data (such as social security number, telephone number, etc.), financial data (such as credit card data, bank data, insurance data, etc.), health data (doctor's information, personal health condition data, etc.), and the like. [¶ 18]. The concerns 120 {i.e. privacy information related to an application or service handling} are a list of one or more privacy concerns identified by the user. The user sets up the concerns 120 via the concerns settings UI 117 in the browser 115. For example, a user might be concerned that personal information such as the user's address and telephone number may be distributed by the site to marketers who will use the personal data to market products to the user. Another example of a concern is that a user may be concerned with any Web site that stores the user's credit card data on a Web site server after the user has purchased an item through the site with a credit card. [¶ 27].);
providing privacy disclosure to the user [[based on the populated formatted declaration]] (Epling discloses transformation module 124 is configured to perform an XSL (extensible Stylesheet Language) transformation on the privacy policy file 110, which is typically stored as an XML (extensible Markup Language) file. The transformation module 124 is also configured to rearrange the data included in the privacy policy file 110 according to the concerns 120 set up by the user. In other words, the transformation module 124 is configured to place privacy policy statements that match user concerns at the beginning of a display {i.e. providing a privacy disclosure} shown on a user interface and to place the remainder of the privacy policy at the end of the display. [¶ 30]. The UI module 122 is configured to present a user interface on the display 114 according to the manner in which the transformation module 124 orders the elements to be displayed {i.e. providing a privacy disclosure}. [¶ 31]. Some browsers that are P3P-enabled can access the XML file and transform the policies into a human-readable format for presentation to a user. [¶ 7].).
Epling does not explicitly teach the following feature that Stueckemann teaches:
populating a formatted declaration based on the user privacy information to form a populated formatted declaration (Consistent with the disclosure, the Examiner interprets the term "declaration" as "form", "document", "expression", "statement" or "notification". Similarly, the term "formatted" is construed as "defined". See OneLook.com. Stueckemann discloses a patient's confidential health information {i.e. privacy information}. [¶ 6]. [A] predefined {i.e. formatted} form {i.e. declaration} can be populated based on the patient information. [¶ 47]. [T]he prescription manager 10 can maintain a list of predefined forms used by different healthcare providers for different prescription products and/or services. Such predefined forms can be stored in electronic format (e.g., as Adobe Portable Document Format (PDF) files)... [¶ 52]. For example, as described above with reference to FIG. 1, the insurance authorization forms can be stored in data stores 7312 in electronic format (e.g., as PDF, text, extensible markup language (XML) {i.e. formatted declaration}, binary data, comma separated data {i.e. formatted declaration}, or any other applicable electronic formats). Other information, such as information concerning patients (e.g., patient records {i.e. suggests privacy information}, such as names, addresses, medical histories, insurance providers, or the like of the patients), healthcare providers (e.g., names, practice fields, specializations, hospital or medial facility affiliations, or the like of the healthcare providers), or prescription products or services (e.g., recommended dosages, possible side effects, treatment procedures, manufactures, or the like of the prescription products) can also be stored in data stores 7312. A data store 7312 can be any applicable type of storage device, such as internal or external or network drives. As disclosed herein, for illustration, data store 7312 can further include an electronic medical record system (EMR) {i.e. formatted declaration}. [¶ 90]. All systems are HIPAA-validated to ensure privacy {i.e. suggests privacy information} and comply with all pharmacy requirements. [¶ 211].); and
providing privacy disclosure to the user based on the populated formatted declaration (Stueckemann discloses consent pop-up 3900 {i.e. privacy disclosure; Examiner notes consent pop-up contains health information including diagnosis, date of birth and gender}, shown in FIG. 39... provides the patient the ability to consent to or deny the disclosure of health information to the third parties... [¶ 150].).
Epling and Stueckemann are from a similar field of technology. Prior to the instant application’s effective filing date, it was desirable to improve on service [that] is inconvenient, time consuming, and requires numerous people to process and transfer the necessary paperwork as well as potentially exposes multiple people to the patient's confidential health information. [Stueckemann; ¶ 6].
Therefore, it would have been obvious to include the predefined forms of Stueckemann in the method for user-tailored presentation of privacy policy data of Epling in order to protect the patient's confidential health information.
Regarding Claim 12, it is a computer readable storage device claim that corresponds to method Claim 1, and is therefore rejected with the same rationale and motivation as above. The Examiner also notes the instant disclosure specifies “a propagating signal by itself does not qualify as storage media.” Specification p. 4, ¶ 14.
Regarding Claim 14, it is a system claim that corresponds to method Claim 1, and is therefore rejected with the same rationale and motivation as above. The Examiner also notes the instant disclosure specifies “a propagating signal by itself does not qualify as storage media.” Specification p. 4, ¶ 14.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann) and further in view of U.S. Patent No. 6,675,353 (Friedman).
Referring to Claim 11
Regarding Claim 11, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature that Friedman teaches:
wherein the formatted declaration is a standardized formatted declaration (Friedman discloses managing and coordinating the generation {i.e. populating} of namespace declarations {i.e. formatted declaration} and prefix allocations involved in generating an XML document {i.e. standardized formatted declaration}. [col. 3 @ 24-26]. XML is a derivative of Standard Generalized Markup Language (SGML) that provides a uniform method for describing and exchanging structured data in an open, text-based format. XML utilizes the concepts of elements and namespaces. Compared to HTML, which is a display-oriented markup language, XML is a general purpose language for representing structured data without including information that describes how to format the data for display. [col. 1 @ 17-26].).
Epling, Stueckemann and Friedman are from a similar field of technology. Prior to the instant application’s effective filing date, it was desirable to avoid the process of building the entire tree structure before generating an XML document itself. [Friedman; col. 3 @ 12-17].
Therefore, it would have been obvious to include the XML document generating features of Friedman in the method for user-tailored presentation of privacy policy data of Epling in order to avoid consuming a great deal of memory and processor time.
Claims 2, 3, 4, 5, 13, 15, 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann) and further in view of U.S. PGPub No. 2014/0119540 (Pearson).
Referring to Claims 2 and 15
Regarding Claim 2, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Pearson teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on a storage policy of the application or service (Pearson discloses privacy policies for treating private data (or attributes of the private data)... [¶ 9]. The data store 112 stores data used by the client 110. Examples of the data stored in the data store 112 include private data and associated privacy policies. [¶ 17]. The data store 128 stores data used by the service provider 120. Examples of the data stored in the data store 128 include decrypted private data, associated privacy policies... [¶ 22]. The data store 139 stores data used by the trust authority 130. Examples of the data stored in the data store 139 include privacy policies and the audit trail. [¶ 28]. The client 110 defines 405 a privacy policy for private data, encrypts 410 the private data {i.e. storage policy} resided thereon using a symmetric key K1, and transmits 415 the encrypted data to the storage service provider 350 to be stored at a location identified by a reference {i.e. storage policy}. [¶ 38].).
Epling, Stueckemann and Pearson are from a similar field of technology. Prior to the instant application’s effective filing date, it was desirable to [ensure] data disclosed online will be treated according to agreed policies. [Pearson; ¶ 1].
Therefore, it would have been obvious to include the policy-based data management features of Pearson in the method for user-tailored presentation of privacy policy data of Epling in order to ensure policy compliance.
Regarding Claim 15, the rejection of Claim 14 is incorporated. In addition, Claim 15 is a system claim that corresponds to method Claim 2, and is therefore rejected with the same rationale and motivation as above.
Referring to Claim 3
Regarding Claim 3, the combination of Epling, Stueckemann and Pearson teaches the method of Claim 2.
The previous combination further teaches:
wherein the storage policy includes an expiration policy of user data controlled by the application or service (Pearson discloses privacy policy can include various information relating to restricting access/usage of the associated private data, such as: (1) a list of acceptable trust authorities 130, (2) allowed usage of the private data, such as using the private data only for certain purposes, (3) prohibited usage of the private data, such as prohibiting sharing the private data with a particular entity, (4) an expiration date of the privacy policy... [¶ 11].).
Referring to Claim 4
Regarding Claim 4, the combination of Epling, Stueckemann and Pearson teaches the method of Claim 2.
The previous combination further teaches:
wherein the storage policy includes an encryption standard used to encrypt user data (Pearson discloses cryptographic module 114 encrypts a set of private data subject to a privacy policy into encrypted data by applying an encryption algorithm (e.g., a symmetric encryption algorithm as specified in ISO (International Standards Organization)/IEC (International Electrotechnical Commission) 18033-3)... [¶ 14].).
Referring to Claims 5 and 17
Regarding Claim 5, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Pearson teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on a sharing policy of the application or service (Pearson discloses [a] privacy policy can include various information relating to restricting access/usage of the associated private data, such as: (1) a list of acceptable trust authorities 130, (2) allowed usage of the private data, such as using the private data only for certain purposes, (3) prohibited usage of the private data, such as prohibiting sharing the private data with a particular entity... [¶ 11].).
Epling, Stueckemann and Pearson are from a similar field of technology. Prior to the instant application’s effective filing date, it was desirable to [ensure] data disclosed online will be treated according to agreed policies. [Pearson; ¶ 1].
Therefore, it would have been obvious to include the policy-based data management features of Pearson in the method for user-tailored presentation of privacy policy data of Epling in order to ensure policy compliance.
Regarding Claim 17, the rejection of Claim 14 is incorporated. In addition, Claim 17 is a system claim that corresponds to method Claim 5, and is therefore rejected with the same rationale and motivation as above.
Referring to Claim 13
Regarding Claim 13, the combination of Epling and Stueckemann teaches the device of Claim 12.
explicitly teach the following feature limitation that Pearson teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on at least one of a storage policy of the application or service; a sharing policy of the application or service; an export policy of the application or service; a breach policy of the application or service; terms of use of the application or service; and a privacy policy of the application or service (Pearson discloses [a] privacy policy can include various information relating to restricting access/usage of the associated private data, such as: (1) a list of acceptable trust authorities 130, (2) allowed usage of the private data, such as using the private data only for certain purposes, (3) prohibited usage of the private data, such as prohibiting sharing the private data with a particular entity, (4) an expiration date of the privacy policy, (5) a security parameter of a computing platform being used by the service provider 120, (6) an action to be performed by the trust authority 130 such as communicating with the client 110 before providing a cryptographic key to the service provider 120, and (7) acceptable degrees of assurance to be provided by the service provider 120 about compliance to the privacy policy. [¶ 11].).
Epling, Stueckemann and Pearson are from a similar field of technology. Prior to the instant application’s effective filing date, it was desirable to [ensure] data disclosed online will be treated according to agreed policies. [Pearson; ¶ 1].
Therefore, it would have been obvious to include the policy-based data management features of Pearson in the method for user-tailored presentation of privacy policy data of Epling in order to ensure policy compliance.
Referring to Claim 16
Regarding Claim 16, the combination of Epling, Stueckemann and Pearson teaches the system of Claim 15.
Pearson further teaches:
wherein the storage policy includes at least one of an expiration policy of user data controlled by the application or service and an encryption standard used to encrypt user data. [a] privacy policy can include various information relating to restricting access/usage of the associated private data, such as: (1) a list of acceptable trust authorities 130, (2) allowed usage of the private data, such as using the private data only for certain purposes, (3) prohibited usage of the private data, such as prohibiting sharing the private data with a particular entity, (4) an expiration date of the privacy policy, (5) a security parameter of a computing platform being used by the service provider 120, (6) an action to be performed by the trust authority 130 such as communicating with the client 110 before providing a cryptographic key to the service provider 120, and (7) acceptable degrees of assurance to be provided by the service provider 120 about compliance to the privacy policy. [¶ 11]. Pearson further discloses cryptographic module 114 encrypts a set of private data subject to a privacy policy into encrypted data by applying an encryption algorithm (e.g., a symmetric encryption algorithm as specified in ISO (International Standards Organization)/IEC (International Electrotechnical Commission) 18033-3)... [¶ 14].).
Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann) and further in view of U.S. PGPub No. 2019/0018978 (Soylu).
Referring to Claims 6 and 18
Regarding Claim 6, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Soylu teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on an export policy of the application or service (Soylu discloses obtaining permissions to exchange privacy related information across jurisdictional boundaries. [Abstract]… [C]ontrolling the exchange of a file, containing one or more elements of privacy information (PI), between a data exporter and a data importer, is disclosed. [¶ 7]. [W]hen the PI jurisdictional boundary exists, one or more governing PI data policies between a first jurisdiction of the data exporter and a second jurisdiction of the data importer are analyzed to determine whether the one or more PI data policies specifies a file level exception for the PI data. When a file level exception exists, the file is transferred to the data importer. When a file level exception does not exist, a failure report is generated. [¶ 9].).
Epling, Stueckemann and Soylu are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for improved system and methods that allow data-subjects to see who is using their data and how many times it is exchanged… [and] also a need to assist data-subjects with blocking the current use of their data and for automatically preventing their data-set from being exchanged. [Soylu; ¶ 5].
Therefore, it would have been obvious to include the methods for exchanging privacy information across jurisdictional boundaries of Soylu in the method for user-tailored presentation of privacy policy data of Epling in order to ascertain that each individual record has sufficient clearance to be exported (moved across legal boundaries).
Regarding Claim 18, the rejection of Claim 14 is incorporated. In addition, Claim 18 is a system claim that corresponds to method Claim 6, and is therefore rejected with the same rationale and motivation as above.
Claims 7, 8, 9, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann) and further in view of U.S. PGPub No. 2019/0362069 (Park).
Referring to Claims 7 and 19
Regarding Claim 7, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Park teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on a breach policy of the application or service (Park discloses a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer... [¶ 8]. [T]he cyber-security system 201 may determine when and through which means to notify a consumer of the risks of a data breach and/or evidence of a data breach and/or evidence of a data breach according to preset rules and strategies {i.e. breach policy}... [¶ 46].).
Epling, Stueckemann and Park are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for a consumer [to know] what information each website owner collects about the consumer and whether they share that information with third parties. [Park; ¶ 3].
Therefore, it would have been obvious to include the features for protecting confidential information of Park in the method for user-tailored presentation of privacy policy data of Epling to assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts.
Regarding Claim 19, the rejection of Claim 14 is incorporated. In addition, Claim 19 is a system claim that corresponds to method Claim 7, and is therefore rejected with the same rationale and motivation as above.
Referring to Claim 8
Regarding Claim 8, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Park teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on terms of use of the application or service (Park discloses a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer... [¶ 8]. [S]ources of the consumer may be monitored to determine if something malicious or believed to breach the terms of use of the site has been detected. [¶ 42].).
Epling, Stueckemann and Park are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for a consumer [to know] what information each website owner collects about the consumer and whether they share that information with third parties. [Park; ¶ 3].

Referring to Claim 9
Regarding Claim 9, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Park teaches:
wherein the user privacy information related to the application or service handling of user privacy is based on a privacy policy of the application or service (Park discloses a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer... [¶ 8]. FIG. 7 illustrates an exemplary method for analyzing privacy policies of discovered consumer accounts... [¶ 17].).
Epling, Stueckemann and Park are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for a consumer [to know] what information each website owner collects about the consumer and whether they share that information with third parties. [Park; ¶ 3].
Therefore, it would have been obvious to include the features for protecting confidential information of Park in the method for user-tailored presentation of privacy policy data of Epling to assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts.
Referring to Claim 20
Regarding Claim 20, the combination of Epling and Stueckemann teaches the system of Claim 14.
The previous combination does not explicitly teach the following feature limitation that Park teaches:
at least one of terms of use of the application or service and a privacy policy of the application or service (Park discloses a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer... [¶ 8]. [S]ources of the consumer may be monitored to determine if something malicious or believed to breach the terms of use of the site has been detected. [¶ 42]. Park further discloses a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer... [¶ 8]. FIG. 7 illustrates an exemplary method for analyzing privacy policies of discovered consumer accounts... [¶ 17].).
Epling, Stueckemann and Park are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for a consumer [to know] what information each website owner collects about the consumer and whether they share that information with third parties. [Park; ¶ 3].
Therefore, it would have been obvious to include the features for protecting confidential information of Park in the method for user-tailored presentation of privacy policy data of Epling to assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2005/0091101 (Epling) in view of U.S. PGPub No. 2013/0096938 (Stueckemann) and further in view of U.S. PGPub No. 2012/0297441 (Boldyrev).
Referring to Claim 10
Regarding Claim 10, the combination of Epling and Stueckemann teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Boldyrev teaches:
various privacy policies may be based on different rules, verification methods, encoding and decoding mechanisms, etc. [¶ 44].).
Epling, Stueckemann and Boldyrev are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for an approach for providing end-to-end privacy in multi-level distributed computations. [Boldyrev; ¶ 5].
Therefore, it would have been obvious to include the features for providing end-to-end privacy of Boldyrev in the method for user-tailored presentation of privacy policy data of Epling in order to provide enforcement of the one or more privacy policies.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
US 20150286790 (Ahmad; Asif et al.) - various forms may be auto populated based on information the patient has stored at a patient engagement hub. The forms may include consent forms for treatment, privacy notices, or other forms for use by the customer.
US 20150012289 (Ben; Pranam) - forms may be auto populated based on information the patient has stored. The patient notification module 316 may provide a user with notifications and/or forms that the customer has provided for them, e.g. consent forms.
US 20180157748 (Privitera; Mary Beth) - populates data collection forms as required. The Proposed Computer Application may require that all participants sign patient confidentiality forms.
US 20130179990 (Kritt; Barry A. et al.) - markup language form may be populated with confidential information.
US 20060041590 (King; Martin T. et al.) - auto-populates the fields of the form from the user's information and provides a copy of a provider's privacy policy.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD W CRUZ-FRANQUI whose telephone number is (313)446-6571.  The examiner can normally be reached on M-F 5:30-2:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571)272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD W CRUZ-FRANQUI/Examiner, Art Unit 2498                      

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498