DETAILED ACTION

Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 09/11/2019 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Allowable Subject Matter

Claims 8 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims1-7, 9-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sbeiti et al. (US Patent Application No. 20180083960) (Hereinafter Sbeiti) in view of Samuel et al. (US Patent Application No. 20170177798) (Hereinafter Samuel).

As per claim 1, Sbeiti discloses a  method for facilitating user privacy using encryption based pseudonymization, wherein the method comprises: 
receiving, using a communication device, a request to pseudonymize personal data associated with a user from a device, wherein the request comprises credentials associated with the user (fig 3, para 6, 63; “transmits a pseudonym selected by the respective user via an encrypted pseudonym negotiation 312 to the D-ID middleware 320”); 
authenticating, using a processing device, the user based on the credentials (fig 3, para 6, 63; “user defines and specifies a D-ID and the D-ID agent 310 transmits this D-ID using any supported device and an authentication method 311 to the D-ID middleware 320”); 
verifying, using the processing device, permissions associated with the request based on the authenticating of the user (fig 3, Para 6,  63, “The D-ID agent 310 verifies through the D-ID middleware 320 that the pseudonym is unique”); 
pseudonymizing, using the processing device, the personal data based on the verifying to obtain pseudonymized data (fig 3, para 63, corresponding to the newly generated pseudonym to the D-ID middleware). 
Sbeiti does not explicitly disclose  permission access and storing, using a storage device, the pseudonymized data. However, Samuel discloses permission access (para 45) and storing, using a storage device, the pseudonymized data (fig 4, para 43, stores them in the database).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of 

As per claim 2, claim is rejected for the same reasons as claim 1, above. In addition,  Sbeiti discloses wherein the authenticating of the user is further based on authenticating protocols, wherein the authenticating protocols comprise at least one of certificates, Application Programming Interface (API) keys, tokens, credentials, and OAuth (para 54; “Examples for such authentication methods are Kerberos, IPsec, certificates-based Secure Sockets Layer (SSL), password-based SSL, any Single Sign On Solution”). 

As per claim 3, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein an individual data unit in the personal data cannot be re-identified based on the pseudonymized data without additional information, wherein the pseudonymized data is suitable for data analysis and data processing (para 68;” request access to member data for analysis”). 

As per claim 4, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein the pseudonymizing the personal data is further based on pseudonymization data sets retrieved from a pseudonymization database (para 43;” pseudonym, and makes it possible to analyze medical treatment data of the patient stored in the database under the pseudonym”). 

As per claim 5, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein the pseudonymizing further comprises:
 categorizing, using the processing device, the personal data based on the verifying permissions to obtain categorized personal data (fig 5, para 43. 45, “collected data by pseudonymizing and anonymizing the collected data and categorizing the pseudonymized data.  Database  then stores the pseudonymized); 
generating, using the processing device, a crypto-key associated with the categorized personal data (para 47; “create a pseudonym using symmetric key algorithm on a member ID of the user”); and 
encrypting, using the processing device, the categorized personal data using the crypto-key to obtain the pseudonymized data (fig 5, para 47;” encrypts the pseudonym and creates a map function to access member-identifiable data through the pseudonym”). 

As per claim 6; claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein the crypto-key is used for encrypting the personal data and decrypting an encrypted personal data (para 47 and 59, teaches encrypting and decrypting data). 

As per claim 7, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses further comprising deleting, using the processing device, the crypto-key (para 36, key identifiers are removed). 

As per claim 9, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein the method further comprises: 
retrieving, using the storage device, pseudonymization data sets from a pseudonymization database (fig 6, para 63, request data); 
de-pseudonymizing, using the processing device, the pseudonymized data using the pseudonymization data sets to obtain de-pseudonymized data (fig 6, para 63; perform the de-pseudonymization); 
performing, using the processing device, data analysis on the de-pseudonymized data to obtain analytical results (fig 6, para 63); 
examining, using the processing device, the analytical results to identify the personal data in the analytical results (para 37, 68, data for analysis); 
pseudonymizing, using the processing device, the analytical results based on the examining to obtain pseudonymized analytical results (para 37, 68, data for analysis); and 
storing, using the storage device, the pseudonymized analytical results in a database (para 79-80, stores data in order to provide access to the data). 

As per claim 10, claim is rejected for the same reasons as claim 1 and 9, above. 

As per claim 11, claim is rejected for the same reasons as claim 1, above. 

As per claim 12, claim is rejected for the same reasons as claim 2, above. 

As per claim 13, claim is rejected for the same reasons as claim 3, above. 

As per claim 14, claim is rejected for the same reasons as claim 4, above. 

As per claim 15, claim is rejected for the same reasons as claim 5, above. 

As per claim 16, claim is rejected for the same reasons as claim 6, above. 

As per claim 17, claim is rejected for the same reasons as claim 7, above. 

As per claim 19, claim is rejected for the same reasons as claim 9, above. 

As per claim 20, claim is rejected for the same reasons as claim 1, above. In addition,  Samuel discloses wherein the communication device is further configured for receiving a user request to delete the pseudonymized data (para 73, removing data); and
 the processing device is further configured for deleting the pseudonymized data based on the user request (para 73, removing data).

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.