Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vesper et al. (Hereinafter referred to as Vesper, US 20110153351 A1) in view of LaFever et al. (Hereinafter referred to as LaFever, US. Pub. No.: US 20190332807 A1).

As per claim 1:
Vesper discloses a computing platform, comprising:

submit, via a first computing device, a query for data associated with a user ([0129-0130: Header manager interfaces with search manager to search the headers or personal information; Search manager to search the headers or personal information, allows a search to be performed on a patient, physician and/or a facility, only searches publicly available patient information. the header search may provide three different fixed criteria: (1) Central or System ID, (2) Local ID, or (3) Last Name, First Name, Date of Birth and Birth City. The patient search function allows record consumers to search for header information with which the record consumer has a trusted relationship);
receive, via the first computing device, a search result comprising an attribute of the user ([0125-0126]: Header manager administers the access and storage of the header or PHI information in the database; the header, PHI or personal information is encrypted in the database to prevent any unauthorized database access from viewing the data. Header manager 150 is comprised of header retriever and header sender. The header manager only returns header information to a trusted session. Header manager encrypts the header information before loading it onto the database, and decrypts it before sending it to a calling function. The system encrypts search criteria for patient information and identifies encrypted data in the database using an encryption indicator in the tables. Header manager manages searches from calling applications);

upload, via a web interface and to a second computing device, the data file comprising the attribute identifier ([0177-0178] Loading of records can also occur when records are restored on the system, from direct loading from a file system, either single or multiple files, or CD import of records for directly uploading to the Central Server. Each file uses the Local System ID and Node ID to determine a match. Verification here occurs both when a record is uploaded and when a record is restored on the system; [0257]: The DICOM image was split into protected healthcare information and anonymous DICOM imaging data and joined by the consumer 3004. The split data was stored in different locations, for example, the protected healthcare information was stored in one area of the network while the imaging data was stored in another part);
receive, via the web interface and from the second computing device, an encryption key corresponding to the attribute identifier ([0175]: The harvesting process is completed at the server level. During the harvesting process, new records are identified, an encryption key is associated with the study and the PHI and the record are then copied to the local storage node. 
store, via the first computing device and in a database, an association between the attribute, the attribute identifier, and the encryption key ([0178]: store the record, split by the record harvester into its two main parts: PHI and body, The PHI 70 is then encrypted and a Key or Encryption Key is added to the PHI. The PHI plus Key are then sent to the Central Index and stored).

Vesper does not explicitly disclose generating the attribute identifier associated with the attribute of the user. LaFever, in analogous art however, discloses generating the attribute identifier associated with the attribute of the user ([0020]: unique, dynamically changing de-identifiers (“DDIDs”)—each associated with a subject, e.g., a person, place, or thing (e.g., an event, document, contract, or “smart contract”), to which data directly or indirectly pertains or relates (a “Data Subject”), and/or an action, activity, process and/or trait pertaining to a Data Subject, for a temporally unique period of time, thereby enabling the Data Subject to operate in a “dynamically anonymous” manner; [0024]: Each DDID may be associated with any one or more data attributes to facilitate with respect to a specific action, activity, process or trait, the combination of a DDID and any data elements associated with the DDID for a temporally unique period of time are referred to as a temporal data representation, or a “TDR.” For purposes hereof, 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the attribute of the user file disclosed by LaFever to include to generate the attribute identifier associated with the attribute of the user. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide improve data privacy and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired and to the extent that is desired as suggested by LaFever (0019-0020).

As per claim 2:
Vesper discloses wherein the instructions to provide the data file comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: remove, after an elapse of a time threshold, the data file from the web interface ([0101]: When the patient's information (PHI) is requested, it is always transferred in a secure fashion and promptly and completely deleted when it is no longer needed and uploaded image for a user-specified period of time, for instance three months, six months, twelve months, or some other period of time. A timestamp can be placed on each copied image).

As per claim 3:


As per claim 4:


As per claim 5:
Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, via the first computing device and over the web interface, a second query comprising the encryption key; match, via the first computing device and in the database, the encryption key 

As per claim 6:
Vesper discloses wherein the encryption key is based on a unidirectional hashing algorithm ([0089]: The Harvester Tag may be complementary unique identifiers, complementary hashes or watermarks; [0342]: The images assigned a GUID and fingerprinted using a hashing algorithm like SHA. In turn, the images can be logged into an Internet resident global repository of images and optionally anonymized by removing private health information from the DICOM header. The images can be optionally converted into a canonical DICOM compliant format and optionally encrypted using a symmetric encryption key. The images can be fingerprinted again using a hashing algorithm and uploaded to an Internet based image repository using strongly authenticated web services).

As per claim 7:
Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: generate the query in JavaScript Object Notation (JSON) format; and validate, based on the JSON format, the search result ([0411-0413]: The applications can provide an image in a web compatible format such as .jpg or .png. The attributes can be returned as a .json file. A JavaScript Object Notation payload, in the form of a .json file, can be returned by the applications).

As per claim 8:
Vesper discloses wherein the database is a Relational Database Management System (RDBMS) ([0378]: The deployment can include at least one relational database management system (RDBMS) and Connected to the RDBMS is the central index; [0382]: The central index can include a primary RDBMS within the data center and a number of storage node systems that store individual DICOM files that are coupled to web caches). 

As per claim 9:
Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: determine, based on the web interface, a size of a batch comprising a plurality of data files associated with a plurality of users; generate, based on the size, the batch of the plurality of data files; upload, via the web interface and to the second computing device, the batch; and remove, 

As per claim 10:
Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: determine the size of the batch to minimize the time interval for the batch to remain on the web interface ([0101]: When the patient's information (PHI) is requested, it is always transferred in a secure fashion and promptly and completely deleted when it is no longer needed and uploaded 

As per claim 11:
Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, via the web interface, an error message indicative of a failure to upload the batch; and repeat, via the web interface and based on the error message, the upload of the batch ([0142]: P2P sender 274 is responsible for sending files out over the P2P network and making sure that delivery is completed and confirmed. P2P sender 274 receives instructions from the node manager to transmit a given file to a separate node. P2P sender 274 has the ability to send multiple files at the same time to different nodes on the system. P2P sender 274 verifies the file exists on storage manager 52, and locks 284 the file in transient storage 282 for transmission. P2P sender 274 is capable of compressing a record to a temporary location. P2P sender also unlocks the record on the local storage node and reports successful completion to the central network. If an error occurs during transmission, the P2P sender 274 retries, in one embodiment, three times, before reporting a transmission failure to the central network; [0186]: Also within the Central Server is the Network Node Manager. The network node manager is the central controlling point for the Peer-to-Peer Network. All nodes will authenticate or login to the system through this component. The management of record transfer, node status and node errors are handled here).


Vesper discloses wherein the instructions comprise additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: modify the size of the batch based on the error message ([0304-0306]: Generally described, the producer's 3002 nominal state can be waiting for DICOM associations for the modality module 3730; The modality module 3730 associates with the central index 3702 to send a DICOM image. The producer 3002 can commit the DICOM image to disk and begin the processing pipeline. The producer 3002 can then submit an image resource request to the central index 3702 sending the DICOM header information in the request. If a resource exists with the given grid Id, it is returned otherwise an error can be returned).

As per claim 13:
Vesper discloses a method, comprising:
at a computing platform comprising at least one processor, and memory (Figure 1A, 1B: Record Consumer 15, 18 and Central Network 14):
receiving, via a first computing device and over a web interface, a query comprising an encryption key ([0125-0126]: Header manager administers the access and storage of the header or PHI information in the database; the header, PHI or personal information is encrypted in the database to prevent any unauthorized database access from viewing the data. Header manager 150 is comprised of header retriever and header sender. The header manager only returns header information to a trusted session. Header manager encrypts the header information before loading it onto the database, and decrypts it before sending it to a calling function. The 
looking up, via the first computing device and in a database, the encryption key ([0262]: The database can include fields for storing the personal information, encryption key and electronic address of the source node on which the record is stored. The study metadata database can be at one location or distributed among different sites);
retrieving, via the first computing device and from the database, a secured link to the attribute ([0222]: Direct access to the tables in the database that contain sensitive and private information is not permitted. Access to these tables is done using views and stored procedures. Using views and procedures permits data to be secured at the record level); and
causing, based on the query, the secured link to the attribute to be provided to an authorized user ([0222]: When a user queries the table's view, the user credentials are determined and automatic filters are applied to the query to prevent any records from returning with higher security levels than the current user).

Vesper does not explicitly disclose identifying, based on the lookup, an attribute associated with the encryption key. LaFever, in analogous art however, discloses identifying, based on the lookup, an attribute associated with the encryption key ([0020]: unique, dynamically changing de-identifiers (“DDIDs”)—each associated with a subject, e.g., a person, 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the database disclosed by LaFever to include identifying, based on the lookup, an attribute associated with the encryption key. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide improve data privacy and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired and to the extent that is desired as suggested by LaFever (0019-0020).

As per claim 15:
Vesper discloses receiving, via the first computing device and based on a query for data associated with a user, a search result comprising an attribute of the user ([0125-0126]: Header manager administers the access and storage of the header or PHI information in the database; 
generating, based on the attribute of the user, a data file ([0073]: a DICOM file, is composed of two major components: 1) the actual body of the record, for example, the image data, and 2) the image header information, which contains the personal or patient-identifying information; the header contains personal identifying information, also known as personal information, Protected Health Information, or PHI. Without the PHI header, record data, including image data, is anonymous and does not contain any unique patient identifying information. Therefore, the non-personal or anonymous data portion of a record is referred to herein as the Body; [0175]);
uploading, via the web interface and to a second computing device, the data file comprising an attribute identifier with the attribute of the user ([0177-0178] Loading of records can also occur when records are restored on the system, from direct loading from a file system, either single or multiple files, or CD import of records for directly uploading to the Central Server. Each file uses the Local System ID and Node ID to determine a match. Verification here occurs both when a record is uploaded and when a record is restored on the system; [0257]: The DICOM image was split into protected healthcare information and anonymous DICOM imaging data and 
receiving, via the web interface and from the second computing device, a second encryption key corresponding to the attribute identifier ([0175]: The harvesting process is completed at the server level. During the harvesting process, new records are identified, an encryption key is associated with the study and the PHI and the record are then copied to the local storage node. A copy of the PHI is also sent to the Central Index. The PHI and body of the record are linked using a unique identifier, referred to herein as the Tag or Harvester Tag. This identifier or tag is not an encryption key, but only the link between the PHI and the body of the record. The different components of a record as it is harvested, including PHI, body, Harvester Tag, and Encryption Key); and
storing, via the first computing device and in the database, an association between the attribute, the attribute identifier, and the encryption key ([0178]: store the record, split by the record harvester into its two main parts: PHI and body, The PHI 70 is then encrypted and a Key or Encryption Key is added to the PHI. The PHI plus Key are then sent to the Central Index and stored).

Vesper does not explicitly disclose generating the attribute identifier associated with the attribute of the user. LaFever, in analogous art however, discloses generating the attribute identifier associated with the attribute of the user ([0020]: unique, dynamically changing de-identifiers (“DDIDs”)—each associated with a subject, e.g., a person, place, or thing (e.g., an 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the attribute of the user file disclosed by LaFever to include to generate the attribute identifier associated with the attribute of the user. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide improve data privacy and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired and to the extent that is desired as suggested by LaFever (0019-0020).

As per claims 14 and 16-19:
Claims 14 and 16-19 are directed to a method having substantially similar claimed corresponding limitations to claims 6, 2, 4, 9 and 10 respectively and therefore claims 14 and 16-19 are rejected with the same rationale give above to reject corresponding limitations of claims 6, 2, 4, 9 and 10 respectively.


As per claim 20:
Vesper discloses one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, and memory, cause the computing platform to:
submit, via a first computing device, a query for data associated with a user ([0129-0130: Header manager interfaces with search manager to search the headers or personal information; Search manager to search the headers or personal information, allows a search to be performed on a patient, physician and/or a facility, only searches publicly available patient information. the header search may provide three different fixed criteria: (1) Central or System ID, (2) Local ID, or (3) Last Name, First Name, Date of Birth and Birth City. The patient search function allows record consumers to search for header information with which the record consumer has a trusted relationship);
receive, via the first computing device, a search result comprising an attribute of the user ([0125-0126]: Header manager administers the access and storage of the header or PHI information in the database; the header, PHI or personal information is encrypted in the database to prevent any unauthorized database access from viewing the data. Header manager 150 is comprised of header retriever and header sender. The header manager only returns header information to a trusted session. Header manager encrypts the header information before loading it onto the database, and decrypts it before sending it to a calling function. The system encrypts search criteria for patient information and identifies encrypted data in the database 
generate, based on the plurality of attributes, a plurality of data file comprising a plurality of attribute identifier with the plurality of attribute ([0073]: a DICOM file, is composed of two major components: 1) the actual body of the record, for example, the image data, and 2) the image header information, which contains the personal or patient-identifying information; the header contains personal identifying information, also known as personal information, Protected Health Information, or PHI. Without the PHI header, record data, including image data, is anonymous and does not contain any unique patient identifying information. Therefore, the non-personal or anonymous data portion of a record is referred to herein as the Body; [0175]);
determine, based on a web interface, a size of a batch comprising a sub-plurality of the plurality of data files ([0177]: The loading of records from the system can occur in a few different ways. For examples, records can be pulled from record producer's computer or from PACS or other local storage systems. Loading of records can also occur when records are restored on the system, from direct loading from a file system, either single or multiple files, or CD import of records for directly uploading to the Central Server. When records are harvested, each record is verified on the system to ensure that duplicates are not created (FIG. 16B, block 234). Each file uses the Local System ID and Node ID to determine a match. Verification here occurs both when a record is uploaded and when a record is restored on the system. [0241]: the producer 3002 can upload medical imaging records and later, retrieve them from the storage facility. [0294] timing sequence for uploading DICOM files to the repository as well as the database. Modalities can be used to provide multiple images in sequential order with each modality being located on a 
upload, via a web interface and to a second computing device, the data file comprising the attribute identifier ([0177-0178] Loading of records can also occur when records are restored on the system, from direct loading from a file system, either single or multiple files, or CD import of records for directly uploading to the Central Server. Each file uses the Local System ID and Node ID to determine a match. Verification here occurs both when a record is uploaded and when a record is restored on the system; [0257]: The DICOM image was split into protected healthcare information and anonymous DICOM imaging data and joined by the consumer 3004. The split data was stored in different locations, for example, the protected healthcare information was stored in one area of the network while the imaging data was stored in another part);
receive, via the web interface and from the second computing device, an encryption key corresponding to the sub-plurality of the plurality of data files ([0175]: The harvesting process is completed at the server level. During the harvesting process, new records are identified, an encryption key is associated with the study and the PHI and the record are then copied to the local storage node. A copy of the PHI is also sent to the Central Index. The PHI and body of the record are linked using a unique identifier, referred to herein as the Tag or Harvester Tag. This identifier or tag is not an encryption key, but only the link between the PHI and the body of the record. The different 
store, via the first computing device and in a database, an association between the encryption key and the sub-plurality of the plurality of data files ([0178]: store the record, split by the record harvester into its two main parts: PHI and body, The PHI 70 is then encrypted and a Key or Encryption Key is added to the PHI. The PHI plus Key are then sent to the Central Index and stored).

Vesper does not explicitly disclose generating the attribute identifier associated with the plurality of attribute of the user. LaFever, in analogous art however, discloses generating the attribute identifier associated with the plurality of attribute of the user ([0020]: unique, dynamically changing de-identifiers (“DDIDs”)—each associated with a subject, e.g., a person, place, or thing (e.g., an event, document, contract, or “smart contract”), to which data directly or indirectly pertains or relates (a “Data Subject”), and/or an action, activity, process and/or trait pertaining to a Data Subject, for a temporally unique period of time, thereby enabling the Data Subject to operate in a “dynamically anonymous” manner; [0024]: Each DDID may be associated with any one or more data attributes to facilitate with respect to a specific action, activity, process or trait, the combination of a DDID and any data elements associated with the DDID for a temporally unique period of time are referred to as a temporal data representation, or a “TDR.” For purposes hereof, if no data is associated with a DDID, then a DDID and its temporal data representation (or “TDR”) are identical; [0040]: an attribute or combination of data attributes may identify a Data Subject but are not themselves the Data Subject—the person or legal entity identified by an attribute or 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the plurality of attribute of the 

BRI (Broadest Reasonable Interpretation)
The above claims under examination have been given their BRI consistent with the applicant’s disclosure as it would be interpreted by one of ordinary skill in the art and the following claim words or terms or phrases or languages have been given to them the following reasonable BRI considerations in view of the applicant’s disclosure in order to construe boundary and scope of the claimed limitations. For example, for the following claim words or terms or phrases or languages, the examiner recites BRI considerations from the applicant’s disclosure as follows:

Data: [0035]: Data may include, for example, data associated with demographic information, market segment information (e.g., household income, age group, residential information, lifestyle, date of birth, age, and so forth). In some instances, certain types of data may be protected data. For example, there are more than thirty known types of protected data. These may include protected personal information (e.g., personally identifiable information ("PII")), protected health information ("PHI"), personal credit information protected under the 

Attribute Identifier: [0039]: The attribute identifier may be a sequential number. In some instances, the attribute identifier may be predictable. In some embodiments, the attribute identifier may be determined for a user. For example, an individual user may be associated with an individual identifier. In some embodiments, the attribute identifier may be determined for a group that includes the user. For example, the group may be a household, and the household may be associated with a household identifier. [0058]: An attribute identifier such as, PartyID, such as for example, the customer level attribute identifier, IndividualID, or the household customer level attribute such as HouseholdID, may be available within an enterprise organization. The PartyID may be a sequential number that may be predictable.

Conclusion
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.