DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The following is a final office action in response to communications received 04/13/2021. None of the claims have been amended. Therefore, claims 1-20 are pending and addressed below.


Response to Arguments
Applicant’s arguments filed 03/13/2018 have been fully considered but they are not persuasive. Applicant argues that the combination of Hughes and Mohajeri does not disclose (1) a PII Schema Service, (2) a plurality of schemas stored in a database, (3) a privacy policy for each of the plurality of schemas for a different country or region, and that (4) Mohajeri does not disclose a multi-country data pipeline configured to protect Personally Identifying Information (PII)…comprising a plurality of publisher methods…comprises a Java published software development kit and REST API.

In response to argument (1), Examiner respectfully disagrees. Hughes discloses the privacy server is located in Canada…and includes modules to support a PII registration process…where the privacy server generates and uses a token…e.g. an education application 

In response to argument (2), Examiner respectfully disagrees. Hughes discloses the privacy server uses the token to locate the PII that corresponds to the token stored in the PII database and substitutes the appropriate PII…The user’s communications with the application pass through the privacy server…the privacy server replaces the PII with a random token or identifier and maintains the PII in the local PII database…see par. 24, 39. Therefore Examiner maintains that Hughes does disclose this limitation.

In response to argument (3), Examiner respectfully disagrees. Hughes discloses the user’s computer system and the privacy server are located in Canada and that the application server is located in the United States, see par. 21. Therefore Examiner maintains that Hughes does disclose this limitation.

In response to argument (4), Applicant’s arguments are persuasive. Therefore Examiner withdraws the prior art(s) rejection set forth in the previous office action for claims 1-7.


Double Patenting


The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting over claims 1-20 of copending application No. 16522512. This is a provisional double patenting rejection since the conflicting claims have not in fact been patented.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –



Claims 8-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hughes et al (Pub. No. US 2015/0150144). The applied reference has a common applicant with the instant application. Based upon the earlier effectively filed date of the reference, it constitutes prior art under 35 U.S.C. 102(a)(2). This rejection under 35 U.S.C. 102(a)(2) might be overcome by: (1) a showing under 37 CFR 1.130(a) that the subject matter disclosed in the reference was obtained directly or indirectly from the inventor or a joint inventor of this application and is thus not prior art in accordance with 35 U.S.C. 102(b)(2)(A); (2) a showing under 37 CFR 1.130(b) of a prior public disclosure under 35 U.S.C. 102(b)(2)(B) if the same invention is not being claimed; or (3) a statement pursuant to 35 U.S.C. 102(b)(2)(C) establishing that, not later than the effective filing date of the claimed invention, the subject matter disclosed in the reference and the claimed invention were either owned by the same person or subject to an obligation of assignment to the same person or subject to a joint research agreement.

As per claim 8, Hughes discloses a multi-country data pipeline configured to protect Personally Identifying Information (PII) for each user in a plurality of users, comprising: physically located in a first country (the user’s computer system and the privacy server are located in Canada and the application server is located in the United States…see par. 21): a first application configured to: receive entered data from a user, wherein the entered data and the user are physically located in the first country and the entered data comprises non-personal data and PII (…teacher registers a student by entering the student’s information, including PII…see par. 27-28), receive a schema, from a third country, containing the privacy policy for the first country (…see par. 19, 21, 27), identify the non-personal data and the PII in the entered data using the schema, and transmit an anonymized data through the multi-country data pipeline from the first country to an analytic functions in a second country (…the privacy server creates a token or identifier that does not disclose the private information…see par. 19, 21, 38), a deidentification system configured to: generate, using a one-way hash, an Identification (ID) tag for the PII in the entered data, and create the anonymized data by replacing the PII, in the entered data, with the ID tag for the PII (…the privacy server replaces the PII with a random or pseudo-random token or identifier…the privacy server maintains the PII in the local PII database and associates the PII for a particular user with an identifier for that user…see par. 23), an identity store configured to: store the ID tag and the PII in a first database, and return the PII when the ID tag is received (…see par. 24, 37, 39), a second application configured to: upon authenticating the user, transmit the ID tag to a reidentification system, combine the PII received from the reidentification system with a results to create an identified results (…the privacy server uses the token to locate the PII that corresponds to the token stored in the PII database and substitutes the appropriate PII…for example, if the teacher requests a report for a class of students, then the teacher may provide a class identifier, such as a class name or course number to the application…see par. 39), and perform an action for the user based on the identified results (…see par. 27, 39), the reidentification system configured to: receive the ID tag from the second application (…the application hosted by the application server receives the token from the privacy server and uses it to identify a user…the application generates a report and substitutes the student’s names for the tokens prior to providing the report to the teacher…see par. 23, 39), transmit the ID tag to the Identify data store (…the data layer stores the PII identifier and the e-mail domain in the local database…see par. 37), receive from the identity data store the PII associated with the ID tag (…the privacy server receives a communication from the application server that includes a token…see par. 39), and transmit the PII to the second application (…a user may access an application hosted on the application server, such as a cloud-based application…the application generates a report and substitutes the student’s names for the tokens prior to providing the report to the teacher…see par. 23, 39); physically located in the second country: the analytic functions configured to: generate the results based on the anonymized data, create an anonymized results by adding the ID tag to the results, wherein the anonymized results contains no PII (…the application treats the token as a student identifier…the token is maintained in the LMS database so that the student’s performance and progress can be tracked…if the teacher requests a report for a class of students, then the teacher may provide a class identifier, such as a class name or course number to the application…see par. 35, 39), and transmit the anonymized results through the multi-country data pipeline from the second country to the second application in the first country (…see par. 21, 46); and physically located in the third country: a PII Schema Service comprising a plurality of schemas stored in a second database, wherein each schema in the plurality of schemas identifies a privacy policy for a different country or region (…see the relationship between the user’s computer system, the privacy server and the application server…that are located in different countries…see par. 21…if the determination is that the communication includes PII, then the privacy server intercepts the communication…the privacy server extracts the PII and creates a PII identifier…see par. 21, 41).


As per claim 15, Hughes discloses a multi-country data pipeline configured to keep Personally Identifying Information (PII) for each user in a plurality of users in a first country, comprising: physically located in the first country (the user’s computer system and the privacy server are located in Canada and the application server is located in the United States…see par. 21): a first application configured to: receive entered data from a user, wherein the entered data and the user are physically located in the first country and the entered data comprises non-personal data and PII (…teacher registers a student by entering the student’s information, including PII…see par. 27-28), receive a schema, from a third country, containing the privacy policy for the first country (…see par. 19, 21, 27), identify the non-personal data and the PII in the entered data using the privacy policy in the schema for the first country, and transmit an anonymized data through the multi-country data pipeline from the first country to an analytic functions in a second country (…the privacy server creates a token or identifier that does not disclose the private information…see par. 19, 21, 38); a deidentification system configured to: generate an Identification (ID) tag for the PII in the entered data, and create the anonymized data by replacing the PII, in the entered data, with the ID tag for the PII (…the privacy server replaces the PII with a random or pseudo-random token or identifier…the privacy server maintains the PII in the local PII database and associates the PII for a particular user with an identifier for that user…see par. 23); an identity store configured to: store and associate the ID tag and the PII in a first database, and return the PII when the ID tag is received (…see par. 24, 37, 39), a second application configured to: upon authenticating the user, transmit the ID tag to a reidentification system, combine the PII received from the reidentification system with a results to create an identified results (…the privacy server uses the token to locate the PII that corresponds to the token stored in the PII database and substitutes the appropriate PII…for example, if the teacher requests a report for a class of students, then the teacher may provide a class identifier, such as a class name or course number to the application…see par. 39), and perform an action for the user based on the identified results (…see par. 27, 39), the reidentification system configured to: receive the ID tag from the second application (…the application hosted by the application server receives the token from the privacy server and uses it to identify a user…the application generates a report and substitutes the student’s names for the tokens prior to providing the report to the teacher…see par. 23, 39), transmit the ID tag to the identify data store (…the data layer stores the PII identifier and the e-mail domain in the local database…see par. 37), receive from the identity data store the PII associated with the ID tag (…the privacy server receives a communication from the application server that includes a token…see par. 39), and transmit the PII to the second application (…a user may access an application hosted on the application server, such as a cloud-based application…the application generates a report and substitutes the student’s names for the tokens prior to providing the report to the teacher…see par. 23, 39); physically located in the second country: the analytic functions configured to: generate the results based on the anonymized data, create an anonymized results by adding the ID tag to the results, wherein the anonymized results contains no PII (…the application treats the token as a student identifier…the token is maintained in the LMS database so that the student’s performance and progress can be tracked…if the teacher requests a report for a class of students, then the teacher may provide a class identifier, such as a class name or course number to the application…see par. 35, 39), and transmit the anonymized results through the multi-country data pipeline from the second country to the second application in the first country (…see par. 21, 46); and physically located in the third country: a PII Schema Service comprising a plurality of schemas stored in a second database, wherein each schema in the plurality of schemas identifies a privacy policy for a different country or region (…see the relationship between the user’s computer system, the privacy server and the application server…that are located in different countries…see par. 21…if the determination is that the communication includes PII, then the privacy server intercepts the communication…the privacy server extracts the PII and creates a PII identifier…see par. 21, 41).


As per claim 9, Hughes discloses wherein the schema identifies a plurality of PII fields in the entered data based on the privacy policy for the first country (…see par. 31-32).


As per claim 10, Hughes discloses wherein the first country, the second country and the third country are three different countries (…see par. 21-22).


As per claim 11, Hughes discloses wherein the PII entered by the user never leaves the first country (…see par. 22-23).


As per claim 12, Hughes discloses wherein the first application is a different application from the second application (…see par. 38-39).


As per claim 9, Hughes discloses wherein the first application is the same application as the second application (…see par. 35).


As per claim 14, Hughes discloses wherein the plurality of schemas include the schema and the plurality of schemas are all stored in the third country (…see par. 21-23).


As per claim 16, Hughes discloses wherein the schema identifies a plurality of PII fields in the entered data based on the privacy policy for the first country (…see par. 21-23).


As per claim 17, Hughes discloses wherein the first country, the second country and the third country are three different countries (…see par. 21-22).


As per claim 18, Hughes discloses wherein the PII entered by the user never leaves the first country (…see par. 23).


As per claim 19, Hughes discloses wherein the first application is a different application from the second application (…see par. 38-39).


As per claim 20, Hughes discloses wherein the second country and the third country are the same country (see par. 3, 21).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to data integrity and signature verification.

Bender et al (Pub. No. US 2002/0099824); “Method and System for Sharing Anonymous User Information”;
-Teaches validating name and address information received from PII database…see par. 95-96.

Khi et al (Pub. No. US 2017/0286717); “Method and System for Managing Personal Information Within Independent Computer Systems and Digital Networks”; 
-Teaches securing several independent cryptographic data within a single ledger transaction within the ledger…see par. 53.


THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479.  The examiner can normally be reached on Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436