DETAILED ACTION
The following claims are pending in this office action: 1-11
The following claims are amended: 1, 3, 6, 8, and 11
The following claims are new: -
The following claims cancelled: -
Claims 1-11 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Previous Objections Withdrawn
Objections to claim 3-8 are withdrawn
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 08/26/2021 have been fully considered but are they are moot in view of new grounds of rejection necessitated by amendment.  
Applicant notes: “……feature of claim 1 has been amended to recite ‘in response to receiving a request for the personal data of a first user from a terminal device, obtain a first determination result by determining, for each of the plurality of items, difference between first personal data and second personal data, the first personal data being the personal data of the first user stored in the memory at a first time point, the second personal data being the personal data of the first user stored in the memory at a second time point before the first time point, the second personal data being associated with the approval information indicating the positive status of approval for providing the second personal data of the first user, the first personal data having been not yet associated with the approval information indicating the positive status of approval for providing the first personal data of the first user’.”  The amendment has been mapped to Glasgow and Williamson below and rejected accordingly.  
Applicant notes “W1 [Williamson] merely discloses “[t]he reference data matcher 204 may require an exact match between the data portion and the data indicated in the reference data source, or only a percentage match beyond a threshold degree (e.g., matching a percentage number of the data in the data portion to the data in the reference data source)’.”  Although this portion has been remapped to Glasgow, examiner notes that Williamson is used to teach a first personal data stored in memory at a first point in time, and a second personal data stored in memory at a second time point before the first time point, as mapped below and rejected accordingly.  
Applicant notes “neither P1 [Pollard] nor W1 [Williamson] appears to disclose that ‘in response to the first determination result indicating that the difference between the first personal data and the second personal data exists in a first item from among the plurality of items, obtain, for the plurality of users other than the first user, first group of the personal data being plural pieces of the personal data which has a same value of the first item as the first personal data of the first user’ and ‘in response to the obtaining of the first group, calculate a portion of a second group relative to the first group, the second group being plural pieces of the personal data in the first group which has been associated with the approval information indicating the negative status of approval’.”  The amendment has been mapped to Glasgow below.  
Independent claims 6 and 11 are amended in a similar way to claim 1 and is mapped to Glasgow and Williamson accordingly and rejected accordingly.  
Dependent claims 2-5, and 7-10 depend on independent claims 1, 6, and 11.  The amended elements in the independent claims have been mapped Glasgow and Williamson, and so any additional patentable features are rejected accordingly.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-2, 6-7, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Glasgow (US Pub. 2016/0225000) (hereinafter “Glasgow”) in view of Williamson et al. (US Pub. 2018/0232528) (hereinafter “Williamson”).    
As per claim 1 Glasgow teaches a memory configured to store, ([Glasgow, para. 0058] the system described is implementable in memory) for each user of a plurality of users,  personal data obtained in a plurality of time points, the personal data obtained in at least any one of the plurality of time points  ([para. 0015] provide [obtain] numerous consents over a period of time [obtained in a plurality of time points], for various types of personal data from a number of customers [plurality of users]) being associated with approval information indicating a positive status or a negative status for approval for providing the personal data, ([para. 0047] a consent state for each type of personal data of a user is stored: for example, the user may have elected to either opt-in [a positive status] or opt out [a negative status])  the personal data including a plurality of items with respect to that user; and  ([para. 0047; para. 0015; para. 0036] the consent for the personal data is associated with an associated type out of a number of types  of personal data [the personal data] with respect to the user which corresponds to consents that may be given in various contracts, applications, forms, or triggers associated with the consent [a plurality of items])
a processor coupled to the memory and the processor configured to: ([Glasgow, para. 0058; Fig. 5] the processes described may be implemented by memory and executed by a processor connected to the memory)
the personal data of a first user from a terminal device, ([Glasgow, para. 0013; para. 0037; para. 0055] a request for the utilizing a certain amount of personal data is received from companies/third parties from a computer/server or other endpoint [terminal] device) obtain a first determination result by determining, for each of the plurality of items, between first personal data and second personal data, ([para. 0004; para. 0015; para. 0026; para. 0036; para. 0047] the consent valuation [first determination result] is determined based on the consent state of personal data types [a first and second personal data] that is associated with individual items of consent, i.e. contracts, applications, forms, or triggers [see para. 0015 and para. 0036] for a particular program is stored in the database [see para. 0047], each of which is used to determine the consent evaluation [see para. 0026]) the first personal data being the personal data of the first user stored in the memory [at a first time point,] ([para. 0015; para. 0030] personal data may be one of a number of personal data recorded at a first time point, over a period of time i.e. the viewing schedule of a user; the first personal data recorded at a first time point is taught by Williamson below)  the second personal data being the personal data of the first user stored in the memory [at a second time point before the first time point,] ([para. 0030] personal data may be one of a number of personal data recorded at a one time, i.e. geo-location information of a user; the second personal data recorded at a second time point before the first time point is taught by Williamson below) the second personal data being associated with the with the approval information indicating the positive status of approval for providing the second personal data of the first user, ([para. 0042; Fig. 3] the geo-location information is opted-in) the first personal data having been not yet associated with the approval information indicating the positive status of approval for providing the first personal data of the first user ([para. 0042; Fig. 3] the view schedule information is informed but not yet opted-in)
in response to the first determination result indicating that the difference between the first personal data and the second personal data exists ([Glasgow, para. 0035; Fig. 2] the consent array associated with the consent valuation determines that the customer has opted-in one program and opted-out of another program, indicating a difference between the first and second personal data exists)  in a first item from among the plurality of items, ([para. 0015; para. 0035-0036] the determination is made by analyzing contracts, forms, and triggers [a plurality of items] that are provided by the user and finding a contract that indicates that the consumer hereby gives consent for the collection and user of his or her personal data [a first item]) obtain, for the plurality of users other than the first user, first group of the personal data being plural pieces of the personal data which has a same value of the first item as the first personal data of the first user; ([para. 0036-0037] the consent array [first group of personal data] is obtained for users other than the first user.  The consent array is correlated with the pieces of personal data [contracts, triggers, etc.] of the first user, and matches are found [plural pieces of personal data which has a same value of the first item])
in response to the obtaining of the first group, ([Glasgow, para. 0050] the processor determines a consent array for the user) calculate a portion of a second group relative to the first group, ([para. 0052] calculates whether the consent array for the user matches another consent array [a portion of the second group relative to the first group]) the second group being plural pieces of the personal data in the first group which has been associated with the approval information indicating the negative status of approval; and ([para. 0052] the second group contains historical data of users with a similar consent array [plural pieces of personal data], which can be used to predict consent behavior of the first user based on whether the consent array of the second group indicates if users with a similar signature has had a negative answer to “subscribed to a particular service” [approval information indicating the negative status of approval])
in response to the calculated portion being less than a predetermined threshold, ([Glasgow, para. 0037; para. 0051-0052; Fig. 4] at step 450, the processor determines whether the consent valuation and/or the consent signature will trigger an action.  When the consent array of the second group with negative answers to whether a non-first user had subscribed to a particular service exceeds a historical pattern [a predetermined threshold] the processor will proceed to step 495 where the process ends. When the consent array of the second group with negative answers to whether a non-first user had subscribed to a particular service matches a historical pattern [does not exceed a predetermined threshold], the processor will proceed to step 460 to execute the pertinent action) transmit the first data to the terminal device. ([para. 0013; para. 0037; para. 0055] an action to be executed includes providing data to companies/third parties by providing to a computer/server or other endpoint [terminal] device)
Glasgow does not explicitly teach the first personal data being the personal data of the first user stored in the memory at a first time point and the second personal data being the personal data of the first user stored in the memory at a second time point before the first time point.
However, Williamson teaches the first personal data being the personal data of the first user ([Williamson, para. 0024] sensitive data includes personally identifying data [personal data] of an individual [of the first user]; [Para. 0053] first data is data received from the data pre-processor) stored in the memory ([Para. 0112-0113] the computer system that implements the invention stores data in memory) at a first time point ([Fig. 7; para. 0093] sensitive data disclosed over time, for example, data that is received from the data pre-processor in December is disclosed – first data at a first time point) and the second personal data being the personal data of the first user stored in the memory at a second time point before the first time point. ([Fig. 7; para. 0093] sensitive data disclosed over time, for example, data that is received from the data pre-processor in June is disclosed – first data at a second time point before the first time point)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Glasgow with the teachings of Williamson to include the first personal data being the personal data of the first user stored in the memory at a first time point and the second personal data being the personal data of the first user stored in the memory at a second time point before the first time point.  One of ordinary skill in the art would have been motivated to make this modification because identifying sensitive data over specific point of time allows the categorization of sensitive data to be updated over time as the data changes.  (Williamson, para. 0082)

As per claim 2, Glasgow in view of Williamson teaches claim 1.  
Glasgow does not explicitly teach determination includes determining that the provision of the first data is permitted when the difference is not more than a first threshold.
However, Williamson teaches the determination includes determining that the provision of the first data is permitted when the difference is not more than a first threshold.  ([Williamson, para. 0053; para. 0072] if the first data does not match the reference data to a threshold, the first data is not sensitive data.   [Para. 0065] In the case the data is not sensitive data, access controls are not applied to the data, and provision of the data is permitted)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Glasgow with the teachings of Williamson to include determination includes determining that the provision of the first data is permitted when the difference is not more than a first threshold.  One of ordinary skill in the art would have been motivated to make this modification because assigning a threshold to the determination allows a security level to be determined such that security features, such as access restriction, can be applied to the data.  (Williamson, para. 00388)

As per claim 6, the method disclosed has claim language that is identical or substantially similar to the steps performed by the information provision apparatus of claim 1, and thus is rejected with the same rationale applied against claim 1.  



As per claim 11, the instructions of the non-transitory computer-readable medium comprises claim language that is identical or substantially similar to the steps performed by the information provision apparatus of claim 1, and thus is rejected with the same rationale applied against claim 1.  

Claims 3 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Glasgow in view of Williamson as applied to claims 2 and 7 above, and further in view of Pollard (US Pub. 2010/0186066) (hereinafter “Pollard”).  

As per claim 3, Pollard in view of Williamson teaches claim 2.  
Glasgow does not explicitly teach determination includes determining that the provision of the first data is permitted when the difference is not more than a first threshold
However, Williamson teaches wherein the determination includes determining that the provision of the first data is not permitted when the difference is more than a first threshold, and ([Williamson, para. 0053] if the data matches the reference data beyond a threshold, the data protect module applies access control restrictions [determining that the provision of the first data is not permitted] to the data [see para. 0046; para. 0065])
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Pollard and Williamson for the same reasons as disclosed above.
Glasgow in view of Williamson does not explicitly teach the processor is further configured to, when it is determined that the provision of the first data is not permitted, transmit, the first user, another request for confirming approval for the provision of the first data.
 ([Pollard, para. 0033] when it is determined that the personal data request is not in accord with the data subscription [determined that the provision of the first data is not permitted], another request for confirming approval may be transmitted to the user and the user specifies which personal data items may be accessed [approval for the provision of the first data])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Glasgow with the teachings of Pollard to include the processor is further configured to, when it is determined that the provision of the first data is not permitted, transmit, to a terminal device of the first user, another request for confirming approval for the provision of the first data.  One of ordinary skill in the art would have been motivated to make this modification because such a determination may in some circumstances be out of date with respect to current details, and the user may be notified to provide access when such a determination is out of date.  (Pollard, para. 0033)

As per claim 8, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.


Claims 4-5, and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Glasgow in view of Williamson as applied to claims 1 and 6 above, and further in view of Sommer (US Pub. 2017/0353482) (hereinafter “Sommer”).  

As per claim 4, Glasgow in view of Williamson teaches claim 1.  

However, Sommer teaches wherein the processor is further configured to calculate, in accordance with a particular calculation expression, ([Sommer, para. 0099], the sum [a calculation] of all VRS impact factors [the particular calculation expression] equals a vulnerability risk score) a sensitivity degree of the first data representing a quantified degree of effect caused for the first user if the first data is leaked, and ([Sommer, para. 0096; Table 1] a vulnerability risk score [a sensitivity degree of the first data] is described.  The score is based on a number of factors – including factors representing a quantified degree of effected caused if the data were to be leaked.  For example, if the mobile payment application is leaked, the VRS impact on sensitive information would greater [see para. 0025 – depending on the application, there may be higher or lower risk of personal information of parties exposed], and there would be a higher impact risk than if, for example, the information concerning account enablement were to be leaked)
the determination is performed based on the calculated sensitivity degree of the first data. ([Sommer, para. 0090] if the vulnerability risk score [a sensitivity degree of the first data] is appropriate, a determination of access to personal data is made)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Glasgow with the teachings of Sommar to include wherein the processor is further configured to calculate, in accordance with a particular calculation expression, a sensitivity degree of the first data representing a quantified degree of effect caused for the first user if the first data is leaked, and the determination is performed based on the calculated sensitivity degree of the first data.  One of ordinary skill in the art would have been motivated to make this modification because calculating a score associated with a sensitivity degree, such as a vulnerability risk score, enables networks and systems to evaluate an application [such as an application requesting high risk data].  (Sommer, para. 0013)

As per claim 5, Glasgow in view of Sommer teaches claim 1.  
Glasgow does not teach wherein the determination includes determining that the provision of the first data is permitted when the calculated sensitivity degree of the first data is not more than a second threshold.
However, Sommer teaches wherein the determination includes determining that the provision of the first data is permitted when the calculated sensitivity degree of the first data is not more than a second threshold.  ([Sommer, para. 0090] the risk engine compares the VSR score [the sensitivity degree of the first data] to a threshold [a second threshold].  If the vulnerability risk score is equal to or less than [not more than] the denial threshold, access to data is granted)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Glasgow with the teachings of Sommar to include wherein the determination includes determining that the provision of the first data is permitted when the calculated sensitivity degree of the first data is not more than a second threshold.  One of ordinary skill in the art would have been motivated to make this modification because comparing the calculated score with a threshold allows a decision to be made whether to approve or deny access to sensitive information, increasing the trustworthiness of approved processes.  (Sommer, para. 0013)

As per claim 9, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Duun (US Patent No. 7,912,971) discloses a method of user-centric authorization to access user-specific information including limitations on accessing personal information at a time point and changing approval of such limitation at a later time period and an access control rule that is determined by comparing set of default access preferences with an intended user of a client.  Rugelj (US Pub. 2003/0023678) discloses a voluntary exchange of personal data a user approves the use of personal data, transactions performed related to the personal data is similarly approved.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493