Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the application 16/776,293 filed on 01/29/2020.
Claims 1-22 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 05/25/2021, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

Claims 1-4, 8-9, 16-19 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2016/0283735), in view of Kuperman (US 2018/0278584) and further in view of Weimer (US 2017/0366348).
Regarding claim 1, Wang disclose a computer-implemented method for securely classifying and tokenizing data (Wang abstract, par. 0038 and Fig.3), the method comprising: 
ingesting a dataset corresponding to a client (Wang 0027; to build a classification model that can accurately classify shared masked sensitive data received, accessed or obtained from entities); 
inspecting the dataset to identify a classifier that is indicative of a characteristic of an attribute included in the dataset (Wang par. 0059 and 0066; a determination as to whether there has been collected enough shared data sufficient to train the classification model and parameters used to balance the trade-off between the three terms. These values may be experimentally determined using "cross-validation" technique whereby parameters are chosen based on the best classification performance tested using different parameter values);        
retrieving client-specific encryption information and client-specific configuration information that includes a listing of anonymized labels that are indicative of types of information included in the dataset (Wang par. 0013 and 0035; accessing, from a computing device associated with a first entity, one or more records having original data sensitive to a data owner; generating an original data matrix of original data content including sensitive features and a corresponding feature label set for use in classifying the feature data; generating a random feature matrix sharing the same subspace as the sensitive features of original data matrix; and the generating of a matrix data feature set C and labels set d provides a data encryption function in which the original sensitive data could never be obtained); 
identifying a label included in the listing of anonymized labels that corresponds to a type of information in the attribute based on the identified classifier (Wang abstract; masked data set having masked data corresponding to the original sensitive data, and further including a masked feature label set for use in classifying the masked data contents); 
processing the attribute of the dataset to generate a modified attribute that is modified into a standardized format (Wang par. 0012; forming a shared data collection of the masked data and the masked feature label sets received from the first entities); and 
Wang discloses inspecting the dataset to identify and retrieving client-specific encryption (Wang par. 0013, 0035). However, Wang does not explicitly disclose generating a tokenized version of the modified attribute, including: hashing the modified attribute to generate a hashed modified attribute; comparing the label with a tag store including a series of client-specific tags to identify a first tag that corresponds to the label; and generating a contextualized token of the modified attribute that includes the first tag.
(Kuperman par. 0016 and claim 7; the SDK may be configured to generate a token that is provided in association with one or more API requests that request a Web Socket for host API access. For example, the SDK may include a public encryption key and encrypt information about the client, user, and/or other data to generate a token unique to the client/user. In turn, the SDK and/or authorized application may set an HTTP header of an API request with the token (e.g., attributes of the token which may be represented by one or more values) to include (e.g., present) the token with the API request. Wherein verifying the token based on attributes of the token further comprises: generating, by the proxy, a first hash from one or more first attributes of the token; comparing the first hash to a second attribute of the token; and verifying the token if the first hash generated by the proxy matches the second attribute, where the second attribute is a second hash generated by the client device See also par. 0062, 0078); 
comparing the label with a tag store including a series of client-specific tags to identify a first tag that corresponds to the label (Kuperman par. 0080; The proxy 205 verifies 525 the token by first checking to see if the decrypted token has attributes in the correct format, (e.g., UID:Timestamp:Hash). If an invalid encryption key or different encryption algorithm was used, the decrypted token will be unreadable. Second, the proxy 205 may verify 525 the token by checking the timestamp of the token against a current time. If the timestamp of the token exceed a permitted time limit for verifying a token after generation, the proxy 205 does not verify the token. Third, the proxy 205 generates a hash from the UID and timestamp and performs any truncating function. If the hash generated by the proxy 205 from the UID and timestamp matches the hash generated by the SDK 225, then the token is verified); and 
generating a contextualized token of the modified attribute that includes the first tag (Kuperman par. 0016 and par. 0018; The SDK is configured to generate a token that is provided in association with one or more of the API requests initiated by the authorized application. Additionally, the SDK may be configured to generate a token that is provided in association with one or more API requests that request a Web Socket for host API access. For example, the SDK may include a public encryption key and encrypt information about the client, user, and/or other data to generate a token unique to the client/user. The proxy may verify a token presented in association with an API request in a number of ways. For example, in various embodiments, the proxy may verify the token by decrypting the token with a corresponding private encryption key and determining whether the token is valid based on attributes of the token).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang using the system of hashing and comparing token taught in Kuperman to authenticating client applications access to mitigating unauthorized access (Kuperman par. 0002). 
Wang and Kuperman disclose inspecting the dataset to identify and retrieving client-specific encryption (Wang par. 0013, 0035) and hashing the modified attribute. However, Wang and Kuperman do not explicitly disclose hashing the modified attribute using a hash salt and encryption key included in the client-specific encryption information to generate a hashed modified attribute.
(Weimer par. 0066; Entity a then adds all of the PII attributes to a distributed hashed table using agreed upon hash/salt protocols members of the BC agreed to).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang and Kuperman using the system of hashing taught in Weimer to authenticating a user retrieving identification data from the database (Weimer abstract). 
Regarding claim 2, Wang, Kuperman and Weimer disclose the computer-implemented method of claim 1,
Wang further discloses wherein at least a portion of the data included in the dataset includes personally identifiable information (PII) (Wang par. 0039; The sensitive data to be preserved include but not limited to: face images, fingerprints, medical records, personal history, browsing history, etc., any data that could be subject to data analysis).  
Regarding claim 3, Wang, Kuperman and Weimer disclose the computer-implemented method of claim 1,
Wang further discloses wherein the classifier includes any of a domain classifier, a subdomain classifier, an attribute classifier, and an entity classifier (Wang abstract; a system, method and computer program product for generating a classification model using original data that is sensitive or private to a data owner).  
Regarding claim 4, Wang, Kuperman and Weimer disclose the computer-implemented method of claim 1,
Kuperman further discloses wherein the client-specific encryption information is retrieved from a secure server, the client-specific encryption information encrypted using a hashed message authentication code (HMAC) protocol or transmitted via TLS protocol, and wherein the hash salt includes a computer-generated SHA2 512/256 token, and AES256 encryption key (Kuperman par. 0041; hashing functions include, but are not limited to SHA256 or MD5).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang and Weimer using the system of hashing and comparing token taught in Kuperman to authenticating client applications access to mitigating unauthorized access (Kuperman par. 0002). 
Regarding claim 8, Wang, Kuperman and Weimer disclose the computer-implemented method of claim 1,
Weimer further discloses further comprising: encrypting the hashed modified attribute using a client-specific encryption key included in the client-specific encryption information (Weimer par. 0066; Entity a then adds all of the PII attributes to a distributed hashed table using agreed upon hash/salt protocols members of the BC agreed to).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang and (Weimer abstract). 
Regarding claim 9, Wang, Kuperman and Weimer disclose the computer-implemented method of claim 1,
Wang further discloses further comprising: responsive to identifying the label, generating a first set of insights of the dataset based on the label and the attribute; responsive to generating the modified attribute, generating a second set of insights for the dataset based on the modified attribute; and storing the first set of insights and the second set of insights in a network-accessible server system (Wang par. 0066; the method stores the received masked feature data and feature label sets in a database and forms a collection or shared pool of sets of masked feature data and feature label sets received from the same or other entities. Then there is performed at 312, a determination as to whether there has been collected enough shared data sufficient to train the classification model. If not, the system waits until further masked feature data sets C and corresponding masked feature labels d are received. Otherwise, at 312, if it is determined that there is enough data for the classification, or alternatively, if the data classification model is being updated with newly received mask data, the process proceeds to step 316 where the learner is consulted to perform the modeling.).  
Regarding claim 16; claim 16 is directed to a computer-readable medium associated with the method claimed in claim 1.  Claim 16 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 17, Wang, Kuperman and Weimer disclose the computer-readable medium of claim 16, 
Wang further discloses wherein the attribute includes an impression of data included in the dataset while preventing transmission of the dataset from a client node maintaining the dataset (Wang par. 0067; the methods herein may be run on a computer, or any equipment that is designed for data acquisition, transferring, sharing and storage. Such equipment can integrate the method herein to prevent privacy leakage while maintaining the usability of the data). 
Regarding claims 18-19 and 22; claims 18-19 and 22 are directed to a computer-readable medium associated with the method claimed in claims 3-4 and 8 respectively.  Claims 18-19 and 22 are similar in scope to claims 3-4 and 8 respectively, and are therefore rejected under similar rationale.
Claims 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US 2016/0283735) and in view of Kuperman (US 2018/0278584).
Regarding claim 10, Wang disclose a method performed by a computing node to generate a tokenized impression of client data, the method comprising: (Wang abstract, par. 0038 and Fig.3), the method comprising: 
obtaining a stream of data corresponding to a client from a client node, the stream of data including a series of datasets (Wang 0027; to build a classification model that can accurately classify shared masked sensitive data received, accessed or obtained from entities); 
 (Wang par. 0059 and 0066; a determination as to whether there has been collected enough shared data sufficient to train the classification model and parameters used to balance the trade-off between the three terms. These values may be experimentally determined using "cross-validation" technique whereby parameters are chosen based on the best classification performance tested using different parameter values);        
identifying a label included in a listing of client-specific labels that corresponds to the dataset (Wang abstract; masked data set having masked data corresponding to the original sensitive data, and further including a masked feature label set for use in classifying the masked data contents); 
processing the attribute using a series of rules engines configured to modify the attribute according to the series of rules engines (Wang par. 0012; forming a shared data collection of the masked data and the masked feature label sets received from the first entities); and 
Wang discloses inspecting the dataset to identify and retrieving client-specific encryption (Wang par. 0013, 0035). However, Wang does not explicitly disclose generating a token that includes a tokenized version of the modified attribute; and sending generated tokens for the stream of data to a network-accessible server system configured to maintain the generated tokens.
However, in an analogous field, Kuperman discloses generating a token that includes a tokenized version of the modified attribute (Kuperman par. 0016 and claim 7; the SDK may be configured to generate a token that is provided in association with one or more API requests that request a Web Socket for host API access. For example, the SDK may include a public encryption key and encrypt information about the client, user, and/or other data to generate a token unique to the client/user. In turn, the SDK and/or authorized application may set an HTTP header of an API request with the token (e.g., attributes of the token which may be represented by one or more values) to include (e.g., present) the token with the API request. Wherein verifying the token based on attributes of the token further comprises: generating, by the proxy, a first hash from one or more first attributes of the token; comparing the first hash to a second attribute of the token; and verifying the token if the first hash generated by the proxy matches the second attribute, where the second attribute is a second hash generated by the client device See also par. 0062, 0078); 
sending generated tokens for the stream of data to a network-accessible server system configured to maintain the generated tokens (Kuperman par. 0038; The SDK 225 is configured to generate a token that is transmitted to the proxy 205 for authenticating the non-malicious client 101 and thus providing the authorized application 215,); and 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang using the system of hashing and comparing token taught in Kuperman to authenticating client applications access to mitigating unauthorized access (Kuperman par. 0002). 
Regarding claim 11, Wang and Kuperman disclose the method of claim 10,
Wang further discloses further comprising: retrieving client-specific encryption information that includes a hash code and a client- specific encryption key from a secure  (Wang par. 0013 and 0035; accessing, from a computing device associated with a first entity, one or more records having original data sensitive to a data owner; generating an original data matrix of original data content including sensitive features and a corresponding feature label set for use in classifying the feature data; generating a random feature matrix sharing the same subspace as the sensitive features of original data matrix; and the generating of a matrix data feature set C and labels set d provides a data encryption function in which the original sensitive data could never be obtained).  
Regarding claim 12, Wang and Kuperman disclose the method of claim 11,
Kuperman further discloses wherein said generating the tokenized version of the modified attribute includes: hashing the modified attribute using the hash code included in the client-specific encryption information to generate a hashed modified attribute; comparing the classifier with a tag store including a series of client-specific tags to identify a first tag that corresponds to the classifier; and  -28-generating a contextualized token of the modified attribute that includes the first tag, the token including the contextualized token (Kuperman par. 0080; The proxy 205 verifies 525 the token by first checking to see if the decrypted token has attributes in the correct format, (e.g., UID:Timestamp:Hash). If an invalid encryption key or different encryption algorithm was used, the decrypted token will be unreadable. Second, the proxy 205 may verify 525 the token by checking the timestamp of the token against a current time. If the timestamp of the token exceed a permitted time limit for verifying a token after generation, the proxy 205 does not verify the token. Third, the proxy 205 generates a hash from the UID and timestamp and performs any truncating function. If the hash generated by the proxy 205 from the UID and timestamp matches the hash generated by the SDK 225, then the token is verified). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Wang using the system of hashing and comparing token taught in Kuperman to authenticating client applications access to mitigating unauthorized access (Kuperman par. 0002).
Regarding claim 13, Wang and Kuperman disclose the method of claim 11,
Wang further discloses further comprising: encrypting the modified attribute using the client-specific encryption key included in the client-specific encryption information (Wang par. 0013 and 0035; accessing, from a computing device associated with a first entity, one or more records having original data sensitive to a data owner; generating an original data matrix of original data content including sensitive features and a corresponding feature label set for use in classifying the feature data; generating a random feature matrix sharing the same subspace as the sensitive features of original data matrix; and the generating of a matrix data feature set C and labels set d provides a data encryption function in which the original sensitive data could never be obtained). 
Regarding claim 14, Wang and Kuperman disclose the method of claim 10,
 (Wang abstract and par. 0035; a system, method and computer program product for generating a classification model using original data that is sensitive or private to a data owner. Generating a random feature matrix sharing the same subspace as the sensitive features of original data matrix; and the generating of a matrix data feature set C and labels set d provides a data encryption function in which the original sensitive data could never be obtained). 
Allowable Subject Matter
Claims 5-7, 15 and 20-21 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495