Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over LaFever et al. (US 20190332807), hereinafter LaFever in view of Manges (US 8631230), hereinafter Manges in view of Kothari et al. (US 9722973), hereinafter Kothari.
	Regarding Claim 1, LaFever teaches
	A computer-implemented method for anonymously transmitting data in a network, comprising: receiving, by a network node (Network Device), from a client device, a request data structure (Para [0069] According to another aspect of another embodiment of the present invention, disclosed herein is a method for facilitating transactions over a network, wherein the method may include the operations of receiving a request, at a privacy server, from a client device to conduct activity over a network; … making the combined temporally unique data representation (TDR) accessible to at least one network device for conducting or initiating the requesting activity);
	identifying, by the network node, in the request data structure, a first substructure containing personal data and a second substructure not containing personal data (Para [0253] When collected or stored, sensitive data may be “disassociated” from its subject using one or more of the following strategies, none of which incurs any loss in value: [0254] 1. Segmentation: Sensitive data may be split into several pieces, by data type, and transmitted and/or stored separately (either in separate Circles of Trust, or using different DDID mapping sets maintained by the same Trusted Party) so that each piece, alone, yields no Personal Data. [0255] 2. ID replacement: Static identifiers can be replaced with dynamically changing and re-assignable DDIDs obscuring the relationship between data and the Data Subject to which that data refers. [0256] 3. Obscuring: data values and data type indicators may also be replaced with DDIDs);
	LaFever does not explicitly teach encrypting, by the network node, the first substructure and transmitting the first encrypted substructure and the second substructure to a server, wherein the personal data encrypted in the first substructure cannot be decrypted and viewed by the server; decrypting, by the network node, the first encrypted substructure and transmitting the first decrypted substructure and the third encrypted substructure to the client device, wherein the third encrypted substructure can be decrypted and viewed by the client device.
	In the same field of endeavor, Manges teaches
	encrypting, by the network node, the first substructure and transmitting the first encrypted substructure and the second substructure to a server, wherein the personal data encrypted in the first substructure cannot be decrypted and viewed by the server (Col. 3, lines 42-50, In some embodiments, the first encryption algorithm may be an asymmetrical encryption algorithm. The method may further include allocating, by the processor of the first computing device, a public key to the entity; providing the public key to the second computing device, where the encrypted data is encrypted using the public key; and storing, in the memory of the first computing device, a private key. The private key may be paired with the public key, and decrypting the encrypted data may include decrypting using the private key.
Col. 10, lines 12-16, In some implementations, neither the client computing devices 120, 122 nor the entity servers 115 have access to the private key);
Col. 18, lines 35-44, In some implementations, a portion of unencrypted user data, transmitted with the encrypted user data, may be supplied to the processing engine as well, for example to be used as identifying information to provide context to the request (e.g., name, zip code, etc.). The decrypted user data, in some implementations, is provided to the processing engine in a secure transmission. Prior to providing the decrypted user data to the processing engine, for example, the data may be encrypted in a format recognizable by the processing engine),
	wherein the third encrypted substructure can be decrypted and viewed by the client device (Col. 18, lines 17-19, In some implementations, the encrypted user data is decrypted using the private key and a decryption algorithm (412)).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of LaFever to incorporate the teachings by Manges such that the method of LaFever includes encrypting, by the network node, the first substructure and transmitting the first encrypted substructure and the second substructure to a server, decrypting, by the network node, the first encrypted substructure and transmitting the first decrypted substructure and the third encrypted substructure to the client device, wherein the personal data encrypted in the first substructure cannot be decrypted and viewed by the server; wherein the third encrypted substructure can be decrypted and viewed by the client device. One would have been motivated to make such combination in order to provide encryption algorithms and a public key, where the one or more encryption algorithms are configured to encrypt data using the public key to obtain encrypted data, where the encrypted data is configured to be decrypted using a private key paired with the public key (Manges, Col. 4, lines 56-60).
receiving, by the network node (data parser), from the server a response data structure; Identifying, by the network node, in the response data structure, the first encrypted substructure and a third encrypted substructure (fields that were anonymized), wherein the third encrypted substructure cannot be decrypted and viewed by the network node.
	In the same field of endeavor, Kothari teaches
	receiving, by the network node (data parser), from the server a response data structure (Col. 17, lines 57-59, As one skilled in the art appreciates, if a SQL command is sent to retrieve data from the host cloud, the response (received data) is received by the receive data parser 704);
	Identifying, by the network node, in the response data structure, the first encrypted substructure and a third encrypted substructure (fields that were anonymized), wherein the third encrypted substructure cannot be decrypted and viewed by the network node (Col. 17, lines 60-63, The receive data parser 704 will evaluate and determine the format for the received data, for example, as a response to a SQL command. Then, the receive data parser 704 identifies one or more fields that were anonymized. These anonymized fields are then de-anonymized by the de-anonymization module 410. The received response is reformatted with de-anonymized data and the response with clear data is sent to the user. Col. 24, lines 5-7, Now, referring to row 744, for DATA FIELD 1, both anonymization and de-anonymization functions are permitted to be performed by the slave anonymization system 714. Col.24, lines 19-23, Now, referring to row 746, for DATA FIELD 4, neither anonymization nor deanomymization is permitted. However, referring to column 740, selective de-anonymization of DATA FIELD 4 is permitted, for example, to generate aggregate value).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of LaFever and Manges to incorporate the teachings by Kothari such that the method of the combination of LaFever 
	Regarding Claim 2, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein the network node is located in a first regional network different from a second regional network in which the server is located (Kothari, Col. 3,, lines 63-67, Col. 4, lines 1-4, FIG. 1A shows a top-level block diagram of a system 100 with anonymization system of this disclosure that is used to send data from a user system, according to one aspect of the present disclosure. System 100 includes a user system 102 that is coupled via a gateway 104 and a network connection 106 to a server 110 through another gateway 108. In one aspect, server 110 is a web-server. Gateway 104 in one embodiment includes an anonymization system 112 of this disclosure).  Examiner notes that with the gateway 104 and gateway 108 between the user system 102 and server 110, the gateway 104 (the network node) is in different network region that the server.
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 3, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein the network node is not located in a same intranet as the server and the client device (LaFever, [0047] Embodiments of the present invention may create additional layers of abstraction by replacing identifying references within the system to external networks, internets, intranets, and/or computing devices that may be integrated, or communicate, with one or more embodiments of the present invention with DDIDs so that one or more RKs and/or AKs are necessary to enable access to and use of look-up tables to determine the identity of the one or more external networks, internets, intranets, and/or computing devices replaced by said one or more DDIDs). Examiner notes that for embodiment implemented for the intranet, the client device, the network node and the server are in the same intranet network region.
	Regarding Claim 4, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein the first regional network and the second regional network are located in different legal jurisdictions (LaFever, Para [0032] … The ability of Dynamic Anonymity to enable Data Subjects to directly or indirectly control use of their data in accordance with their personal privacy/anonymity preferences can support disparate treatment of data in disparate jurisdictions notwithstanding different data use/privacy/anonymity requirements in such jurisdictions (e.g., differences between European Union “fundamental right” and U.S. balancing of privacy rights/right to free expression/commerce perspectives on data privacy/anonymity).  Para [0047] Embodiments of the present invention may create additional layers of abstraction by replacing identifying references within the system to external networks, internets, intranets, …).
	Regarding Claim 5, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein the third encrypted substructure is encrypted by the server with a public key of the client device, and wherein the third encrypted substructure is decrypted by the client device with a private key of the client device (Manges, Col. 3, lines 42-50, In some embodiments, the first encryption algorithm may be an asymmetrical encryption algorithm. The method may further include allocating, by the processor of the first computing device, a public key to the entity; providing the public key to the second computing device, where the encrypted data is encrypted using the public key; and storing, in the memory of the first computing device, a private key. The private key may be paired with the public key, and decrypting the encrypted data may include decrypting using the private key).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 6, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein personal data includes personal data of a user of the client device (LaFever, Para [0253] When collected or stored, sensitive data may be “disassociated” from its subject using one or more of the following strategies, none of which incurs any loss in value: [0254] 1. Segmentation: Sensitive data may be split into several pieces, by data type, and transmitted and/or stored separately (either in separate Circles of Trust, or using different DDID mapping sets maintained by the same Trusted Party) so that each piece, alone, yields no Personal Data. [0255] 2. ID replacement: Static identifiers can be replaced with dynamically changing and re-assignable DDIDs obscuring the relationship between data and the Data Subject to which that data refers. [0256] 3. Obscuring: data values and data type indicators may also be replaced with DDIDs).
	Regarding Claim 7, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
	wherein the second substructure includes malware-related data identified on the client device (LaFever, Para [0061] Medical devices 52 may be configured with appropriate network interfaces with HE modules that can encrypt packet header information. In an example embodiment, the source address of medical devices 52 may be encrypted using HE; thus, botnets may not be able to find the original address, and a DDoS attack can be mitigated by forwarding all malicious traffic to a sinkhole).
	Regarding Claim 8, the combination of LaFever, Manges, and Kothari teaches all the limitations of claim 1 above,
LaFever, Para [0047] Embodiments of the present invention may create additional layers of abstraction by replacing identifying references within the system to external networks, internets, intranets, and/or computing devices that may be integrated, or communicate, with one or more embodiments of the present invention with DDIDs so that one or more RKs and/or AKs are necessary to enable access to and use of look-up tables to determine the identity of the one or more external networks, internets, intranets, and/or computing devices replaced by said one or more DDIDs).
	Regarding Claim 9,
Claim 9 is rejected for similar reasons as in claim 1.
	LaFever teaches
	A system for anonymously transmitting data in a network, comprising: a network node having hardware processor configured to (Para [0041] These system modules, and if desired other modules disclosed herein, may be implemented in program code executed by a processor in the privacy server computer, or in another computer in communication with the privacy server computer …).
Regarding Claims 10 and 18,
Claims 10 and 18 are rejected for similar reasons as in claim 2.
Regarding Claims 11 and 19,
Claims 11 and 19 are rejected for similar reasons as in claim 3.
Regarding Claims 12 and 20,
Claims 12 and 20 are rejected for similar reasons as in claim 4.
	Regarding Claim 13,
Claim 13 is rejected for similar reasons as in claim 5.
	Regarding Claim 14,
Claim 14 is rejected for similar reasons as in claim 6.
Regarding Claim 15,
Claim 15 is rejected for similar reasons as in claim 7.
	Regarding Claim 16,
Claim 16 is rejected for similar reasons as in claim 8.
	Regarding Claim 17,
Claim 17 is rejected for similar reasons as in claim 1.
	LaFever teaches 
	A non-transitory computer readable medium comprising computer executable instructions for anonymously transmitting data in a network, including instructions for (Para [0041], … The program code may be stored on a computer readable medium, accessible by the processor. The computer readable medium may be volatile or non-volatile, and may be removable or non-removable …).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Sinor (US 9369443); Goeller et al. (US 20110038483); Deshpande (US 20150082025); Nambiar (US 20160203336); and Soon-Shiong (US 20190124051).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436