Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

Status of Claims
Claims 2-21 are subject to examination.  
Claim 1 is cancelled.  

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10528755. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims anticipate the claims of this application.
Claim of the Patent 
Claim of this application
1.  A method comprising: configuring, by one or more processors, a first 
memory, the first memory storing personal identifiable information (PII);  
configuring a second memory, the second memory storing non-PII;  configuring a 
firewall to control access to the first memory, the firewall being configured 
to: deny direct access by a service application to the first memory, and allow 
indirect access by the service application to the first memory via one or more 
internal services;  and configuring the firewall to control access to the 
second memory, the firewall being configured to allow direct access by the 
service application to the second memory.
2. A computer-implemented method comprising: receiving, by one or more hardware processors, a download request from a device requesting to download a first set of personal identifiable information stored in a memory protected by a firewall configured to control access to the memory; applying, by the firewall implemented by the one or more hardware processors, a data size limit rule to determine that a data size of the first set of personal identifiable information requested by the download request exceeds a data size threshold; and preventing, by the firewall implemented by the one or more hardware processors, the device from downloading the first set of personal identifiable information from the memory based at least in part on the data size limit rule.



The claims 2-20 of the patent of this application are similar to the claims 3-21 of this application.
Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10043031. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims anticipate the claims of this application.
Claim of the Patent 
Claim of this application
1.  A method comprising: configuring, by one or more processors, a first 
memory according to a first table, each entry in the first table comprising a 
physical location identifier and information about a physical location;  
configuring, by the one or more processors, a second memory according to a 
second table, each entry in the second table comprising the physical location 
identifier and an account identifier of a user for accessing a network service, 
the first table and the second table being configured to separate profile 
information of the user from address information of the user;  and configuring, 
by the one or more processors, a firewall to control access to the second 
memory, the firewall defining an authentication zone that includes the second 
memory and does not include the first memory, the firewall being configured to 
allow access to the second memory by one or more internal services of the 
network service and to deny direct access by the user to the second memory.
2. A computer-implemented method comprising: receiving, by one or more hardware processors, a download request from a device requesting to download a first set of personal identifiable information stored in a memory protected by a firewall configured to control access to the memory; applying, by the firewall implemented by the one or more hardware processors, a data size limit rule to determine that a data size of the first set of personal identifiable information requested by the download request exceeds a data size threshold; and preventing, by the firewall implemented by the one or more hardware processors, the device from downloading the first set of personal identifiable information from the memory based at least in part on the data size limit rule.



The claims 2-20 of the patent of this application are similar to the claims 3-21 of this application.
 “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim”. 
In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Bern, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). '' ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Applicant’s remarks dated 3/24/21 are noted. However, for the concern “provide appropriate explanation for anticipation”; as seen above the claims are rejected for the anticipation and the table shows the comparison for the anticipation. Regarding applicant’s concern for “data size limit rule”, Applicant failed to consider what the claim accomplishes. The claimed “data size threshold” is not limited to any particular threshold/value. Hence, when the threshold can have value such as “zero” or anything such as “infinite”. When the threshold is “zero”/”negative”, the firewall merely prevents the downloading. When the threshold is very huge such as “infinite”, then the firewall merely allows each and every downloading. Applicant also failed to consider that the claimed data size threshold is not limited to any particular value/threshold along with that the claim claims “comprising”, meaning the rule is not limited to only “data size threshold”. What is claimed is the preventing step is based on the “data size limit rule” and not the outcome of the “determining … exceeds a data size threshold”. Applicant also failed to consider that “a data size threshold” is not part of “a data size limit rule”; and the “preventing step” in only relying on “data size limit rule” but not “threshold”.


Specification
The amendment to the specification dated 3/24/21 is acknowledged.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 2, 3, 6, 7, 10, 11, 14, 15, 18, and 19, is/are rejected under 35 U.S.C. 103 as being unpatentable over Dos Santos et al., 2016/0306827, IBM, in view of Cook 2015/0193638 and Official Notice.
Referring to claim(s) 2, 10, 18, Dos-Santos-IBM discloses a system, comprising: a memory comprising instructions; and one or more hardware processors, wherein the instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to: a computer-implemented method comprising: a non-transitory machine-readable storage medium including instructions that, when executed by one or more hardware processors, causes the one or more hardware processors to:
receiving, by a hardware processor, a download request from a device (client 114, figure 1) requesting to download a first set of personal identifiable information (PII, para 47, SS#, para 27, for download para 48) stored in a memory protected by an entity configured to control access to the memory (memory 135 having data module with rule module, figure 1, para 43); applying, by the entity implemented by the one 
Dos-Santos-IBM and Cook do not specifically mention about firewall. One of ordinary skilled in the art, would readily know what a firewall is, which has been well-known in the art for more than a decade and used around the world. Applicant’s remarks 3/24/21 also did not contain any concern for the official notice, as the firewall has been in use for long time around the world.
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to include firewall and also one of ordinary skill in the art would have been motivated to do so because it could provide 

Referring to claim(s) 3, 11, 19, Dos-Santos-IBM discloses receiving the download request to download the first set of personal identifiable information that is user profile information or confidential information (SS#, para 27, 77).

Referring to claim(s) 6, 14, Dos-Santos-IBM discloses receiving, by the one or more hardware processors, a second download request requesting to obtain a second set of personal identifiable information (PII, para 47, SS#, para 27, for download para 48) stored in the memory protected by the firewall that controls access to the memory (memory 135 having data module with rule module, figure 1, para 43); applying, by the entity implemented by the one or more hardware processors, the data size limit rule (one of the data rule that checks the format which includes size, hyphens, number of digits, etc, para 77) to determine that a data size of the second set of personal identifiable information requested by the second download request satisfies the data size threshold (the format of the SS#, PII, which includes size, hyphens, number of digits, etc, para 77); and communicating, by the one or more hardware processors, the second set of personal identifiable information based at least in part on the data size limit rule being satisfied (valid PII SS#, which has correct format including size, number of digits, hyphens, etc are provided, para 27, 77). Cook also discloses, to provide (selectively providing/restricting access to portions of PII data, para 32, 61). Claim 1 contains Official Notice regarding well-known utilizing of firewall.

 Referring to claim(s) 7, 15, Dos-Santos-IBM discloses receiving the second download request that requests to download the second personal identifiable information that is user profile information or confidential information (SS#, para 27, 77).

Claim(s) 4, 8, 12, 16, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dos-Santos-IBM in view of Cook, Official Notice and Bousamra et al., 20130212381.
Referring to claim(s) 4, 12, 20, Dos-Santos-IBM and Cook do not disclose, which is well-known in the art, which Bousamra discloses, receiving the download request that comprises a security certificate, wherein the device is prevented from downloading the first set of personal identifiable information based at least in part on the security certificate, para 47. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the certificate. The security certificate would enable precluding certain data from access. This would enable specifying and not allowing access/communication to the certain data by specified entities, para 22, 77. 

Referring to claim(s) 8, 16, Dos-Santos-IBM and Cook do not disclose, which is well-known in the art, which Bousamra discloses, receiving the second download request that comprises a security certificate, wherein the second set of personal identifiable information is communicated based at least in part on the security certificate, para 47. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the certificate. . 
  
 Claim(s) 5, 9, 13, 17, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dos-Santos-IBM in view of Cook, Official Notice and Spaulading et al., 20170270317.
Referring to claim(s) 5, 13, 21, Dos-Santos-IBM and Cook do not disclose, which is well-known in the art, which Bousamra discloses, receiving the download request from a service application associated with the device, para 57. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the service application. The service application would enable protection of data that is accessed. This would enable service application securely handling sensitive data and not exposing to others, para 57. 

 Referring to claim(s) 9, 17, Dos-Santos-IBM and Cook do not disclose, which is well-known in the art, which Bousamra discloses, receiving the second download request from a service application that associated with the device, para 57. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the service application. The service application would enable protection of data that is accessed. This would enable service application securely handling sensitive data and not exposing to others, para 57. 


Response to Arguments
Applicant's arguments filed 3/24/21, pages 8-13 have been fully considered but they are not persuasive.  Therefore, rejection of claims 2-21 is maintained. 
Regarding Applicant’s remarks dated 3/24/21,
Applicant respectfully submits that the cited references do not teach or suggest, either alone or in combination, all the features recited in independent claims 2, 10, and 18. For example, the cited references do not teach or suggest “applying ... a data size limit rule to determine that a data size of the first set of personal identifiable information requested by the download request exceeds a data size threshold,” nor “preventing ... the device from downloading the first set of personal identifiable information from the memory based at least in part on the data size limit rule,” as recited in independent claim 2 and similarly recited in independent claims 10 and 18.
However, as per the remarks, Applicant failed to consider what the claim accomplishes. What is claimed is: the claimed “data size threshold” that is not limited to any particular threshold/value. 
One of ordinary skilled in the art would readily know that the threshold can be, such as “zero” or anything such as “infinite”. 
Since the applicant’s claimed threshold is open to “zero”/”negative”, the firewall merely prevents each and every downloading (blocking). 
Since the applicant’s claimed threshold is open to very huge such as “infinite”, the firewall merely allows each and every downloading. 
Applicant also failed to consider that that the claim claims “comprising” in combination that the claimed data size threshold is not limited to any particular value/threshold along; meaning the rule is not limited to only for “data size threshold”. 
What is claimed is the preventing step is based on the “data size limit rule” and not the outcome of the “determining … exceeds a data size threshold”. 
“a data size threshold” is not part of “a data size limit rule”. The “preventing step” in only relying on “data size limit rule” but not “threshold”.
Applicant also failed to consider that the claimed download request is not limited to any particular way of requesting, i.e., wireless, wired, via network connection etc.
Applicant also failed to consider that the claimed device is not limited to any particular device, local device, remote device, ipad, iphone, laptop, server, etc.
Applicant also failed to consider that the claimed personal identifiable information is not limited to any particular size, different than address, associated with any particular person, etc.
Applicant also failed to consider that the claimed data size limit rule is not limited to only determine size of the PII, etc.
Applicant also failed to consider that the outcome of determination of the data size using the data size threshold is never used.  
 Applicant also failed to consider that the preventing is done regardless of what the data size limit rule is. Say the rule is to allow downloading of every information; then also the preventing step merely prevents the downloading. Say the rule is to not allow downloading of any information; then also the preventing step merely prevents the downloading.
Applicant also failed to consider that the applying step merely implements the rule, which cannot stop the preventing step from execution.  

Dos-Santos-IBM discloses a system, comprising: a memory comprising instructions; and one or more hardware processors, wherein the instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to: a computer-implemented method comprising: a non-transitory machine-readable storage medium including instructions that, when executed by one or more hardware processors, causes the one or more hardware processors to:

Dos-Santos-IBM and Cook do not specifically mention about firewall. One of ordinary skilled in the art, would readily know what a firewall is, which has been well-known in the art for more than a decade and used around the world. 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Dos-Santos-IBM to include firewall and also one of ordinary skill in the art would have been motivated to do so because it could provide restriction for access of data. Certain data would be precluded from access. This would enable specifying and not allowing access to the certain data by specified entities, by utilizing the well-known firewall.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 5712723862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARESH N PATEL/Primary Examiner, Art Unit 2493