DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 21-40 are pending.
The claim objections (except for the one(s) being repeated below) have been withdrawn in view of the claim amendment. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/14/22 has been entered.

Response to Arguments
Applicant's arguments filed on 02/14/22 have been fully considered. 
In response to Applicant’s argument that Hernacki, Tenneti, Salmenkaita, Mortiz, and Knight, fail to disclose or suggest, and the rejection fails to otherwise consider, each and every element of the rejected claims (page 12 of Remarks), Examiner acknowledged Applicant’s 

In response to Applicant’s argument that specifically, the added limitation of "tracking the distribution of the user activity data from the server" is not found in the cited art (page 13 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Upon further reviewing of the cited references, it was found that Knight discloses the above limitation.  Knight discloses “The client 130 also sends the server 120 check-in messages. Sending a check-in message to the server 120 enables the client 130 to obtain browsing history information that is stored at the server (which can then be merged with the client's local browsing history 340). In one embodiment, a check-in message includes an identifier of the sending client 130 and a timestamp that indicates when the client last sent a check-in message to the server. The client 130 receives from the server 120 information regarding browsing histories 340 generated by other clients 130 that are in the same sync group as the first client 130. The client 130 uses the received browsing history information to synchronize its local browsing history 340 with the browsing histories of the other clients 130 in the sync group” (¶24) and “The server communication log 350 stores a list of chronologically-ordered timestamps, where a timestamp indicates an occurrence of the client 130 communicating with the server 120. “Communicating with the server 120” means sending a first message to the server 120 and receiving a second message from the server in response” (¶39).
For at least the above reasons, the added limitation of "tracking the distribution of the user activity data from the server" is disclosed by the cited prior art.

In response to Applicant’s argument that the cited references fail to disclose or suggest the limitations recited in claim 21 (pages 13-14 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed because the cited references do disclose the limitations recited in claim 21 as seen below.

Claim Objections
Claims --21, 23, 28, and 35 are objected to because of the following informalities:  
“the online user activity” in line 8 of claim 23 lacks antecedent basis and should read “the online user activity data”.  
“the distribution” in last line of claims 21, 28, and 35 lacks antecedent basis.
“the user activity data” in last line of claims 21, 28, and 35 should read “the online user activity data”.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 21-22 and 24-27 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-6 of U.S. Patent No. 9,954,849 in view of Tenneti (US . Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-6 of U.S. Patent No. 9,954,849 contain most of the limitations of claims 21-22 and 24-27 of the instant application except for the limitations of “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, “determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claim 21.  Tenneti discloses the above missing limitations (e.g. abstract, ¶51, 59, 103, 106).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).  Moreover, claims 1-6 of U.S. Patent No. 9,954,849  do not recite the limitations of “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data from the server to be synced with online user activity data of the data consumer”, and “tracking the distribution of the user activity data from the server” recited in independent claim 21.  Knight discloses the above missing limitations (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the method, system, and medium of the patent claims for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).  Furthermore, claims 1-6 of U.S. Patent No. 9,954,849 do not recite the provided to the data consumer after successful registration” recited in independent claim 21.  Knight 366 discloses this missing limitation (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight 366 into the method, system, and medium of the patent claims for the purpose of enabling the server to allow only registered client to send request to the server (Knight 366, ¶620).

Claims 21-27 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-7 of U.S. Patent No. 10,652,231 in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) and further in view of Knight 366 (US 20100031366). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-7 of U.S. Patent No. 10,652,231 contain most of the limitations of claim 21-27 of the instant application except for the limitations of “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, “determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claim 21.  Tenneti discloses the above missing limitations (e.g. abstract, ¶51, 59, 103, 106).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).  Moreover, claims 1-7 of U.S. Patent No. 10,652,231 do not recite the limitations of “receiving, at to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data from the server to be synced with online user activity data of the data consumer”, and “tracking the distribution of the user activity data from the server” recited in independent claim 21.  Knight discloses the above missing limitations (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the method, system, and medium of the patent claims for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).  Furthermore, claims 1-7 of U.S. Patent No. 10,652,231 do not recite the limitation of “a data consumer identifier provided to the data consumer after successful registration” recited in independent claim 21.  Knight 366 discloses this missing limitation (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight 366 into the method, system, and medium of the patent claims for the purpose of enabling the server to allow only registered client to send request to the server (Knight 366, ¶620).

Claims 21-27 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-7 of U.S. Patent No. 10,313,326 in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) and further in view of Knight 366 (US 20100031366). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-7 of U.S. Patent No. 10,313,326 contain most of the limitations of claims 21-27 of the instant application except for the limitations of “online user activity data”, “determining, by the server, one or more processing rules associated with the data consumer and/or the data based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claim 21.  Tenneti discloses the above missing limitations (e.g. abstract, ¶51, 59, 103, 106).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).  Moreover, claims 1-7 of U.S. Patent No. 10,313,326 do not recite the limitations of “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data from the server to be synced with online user activity data of the data consumer”, and “tracking the distribution of the user activity data from the server” recited in independent claim 21.  Knight discloses the above missing limitations (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the method, system, and medium of the patent claims for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).  Furthermore, claims 1-7 of U.S. Patent No. 10,313,326 do not recite the limitation of “a data consumer identifier provided to the data consumer after successful registration” recited in independent claim 21.  Knight 366 discloses this missing limitation (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described .
  
Claims 28-29, 31-36, and 38-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 7-17 of U.S. Patent No. 9,954,849 in view of Tenneti (US 20130332987) and further in view of Knight (US 20150347614). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 7-17 of U.S. Patent No. 9,954,849 contain most of the limitations of claims 28-29, 31-36, and 38-40 of the instant application except for the limitations “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claims 28 and 35.  However, Tenneti discloses the above missing limitations (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).  Moreover, claims 7-17 of U.S. Patent No. 9,954,849 do not recite the limitations of “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data to be synced with online user activity data of the data consumer”, and “tracking the distribution of the user activity data from the server” recited in independent claims 28 and 35.  However, Knight discloses .
 
Claims 28-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 8-20 of U.S. Patent No. 10,313,326 in view of Tenneti (US 20130332987) and further in view of Knight (US 20150347614). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 8-20 of U.S. Patent No. 10,313,326 contain most of the limitations of claims 28-40 of the instant application except for the limitations “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, “determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claims 28 and 35.  However, Tenneti discloses the above missing limitations (see mapping below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).  Moreover, claims 8-20 of U.S. Patent No. 10,313,326 do not recite the limitations of “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data to be synced with online user activity data of the data consumer” and “tracking the distribution of the user activity data from the server” recited in independent claims 28 and 35.  However, Knight discloses the above missing limitations (see mapping below.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the method, system, and medium of the patent claims as modified by Tenneti for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).

Claims 28-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 8-20 of U.S. Patent No. 10,652,231 in view of Tenneti (US 20130332987) and further in view of Knight (US 20150347614). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 8-20 of U.S. Patent No. 10,652,231contain most of the limitations of claims 28-40 of the instant application except for the limitations “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, “determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” recited in independent claims 28 and 35.  
Tenneti discloses “determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier”, “determining, by the server, whether the online user activity data is designated to be processed based on the one or more processing rules”, and “processing, by the server, the online user activity data when the server determines the online user activity data is designated to be processed based on the one or more processing rules” (e.g. 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the method, system, and medium of the patent claims for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).
Moreover, claims 8-20 of U.S. Patent No. 10,652,231 do not recite the limitations of “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer”, “transmitting the online user activity data to be synced with online user activity data of the data consumer” and tracking the distribution of the user activity data from the server.  However, Knight discloses “receiving, at a server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer” and “transmitting the online user activity data to be synced with online user activity data of the data consumer” (Knight, e.g. ¶24: The client 130 also sends the server 120 check-in messages. Sending a check-in message to the server 120 enables the client 130 to obtain browsing history information that is stored at the server (which can then be merged with the client's local browsing history 340). In one embodiment, a check-in message includes an identifier of the sending client 130 and a timestamp that indicates when the client last sent a check-in message to the server. The client 130 receives from the server 120 information regarding browsing histories 340 generated by other clients 130 that are in the same sync group as the first client 130. The client 130 uses the received browsing history information to synchronize its local browsing history 340 with the browsing histories of the other clients 130 in the sync group.) and tracking the distribution of the user activity data from the server. (Knight, e.g. ¶24, 39: The server communication log 350 stores a list of chronologically-ordered timestamps, where a timestamp indicates an occurrence of the client 130 communicating with the server 120. “Communicating with the server 120” means sending a first message to the server 120 and receiving a second message from the server in response)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the method, system, and medium of the patent claims as modified by Tenneti for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).
Instant Application 16836404
US Patent No. 10,652,231
US Patent No. 10,313,326

1 in view of Tenneti, Knight, and Knight366
1 in view of Tenneti, Knight, and Knight366
22-27
2-7 
2-7 
28
8 in view of Tenneti and Knight
8 in view of Tenneti and Knight
29-34
9-14
9-14
35
15 in view of Tenneti and Knight
15 in view of Tenneti and Knight
36-40
16-20
16-20


Instant Application 16836404
US Patent No. 9,954,849
21
1 in view of Tenneti,  Knight, and Knight366
22, 24-27
2-6 
28
7 in view of Tenneti and Knight
29, 31-34
8-12
35
13 in view of Tenneti and Knight
36, 38-40
14-17


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) and further in view of Knight 366 (US 20100031366).

Claim 21, Hernacki discloses A method for managing online data element secure sharing, the method including: 
receiving, at a server, a request from a data consumer, (e.g. col. 6, ll. 37-40: a request analysis module 320 of the DRM server 110 receives a request for content 120 from the client 150, the request for content 120 includes a content identifier and client classification information) the request including a data consumer identifier; (e.g. col. 6, ll. 4-20: client classification information)
determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier; (e.g. col. 7, ll. 21-27, 59-62: a policy determination module 340 receives the content identifier from the request analysis module 320 and the client capabilities information from the client capabilities  module 330 and interacts with the storage module 310 and cross-references the content identifier against the policy table to identify a policy for the requested content 120…the policies can include rules for defining access rights for the content 120)
 (e.g. col. 8, ll. 26-36: the policy determination module 340 determines whether the content 120 should be transformed to a different format in order to enforce the policy for the requested content 120. The determination of whether transformation is required is based on the policy rules for the requested content 120 in view of the client classification information and/or authorization information for the client 150. If transformation is required, the policy determination module 340 generates transformation instructions including information describing a transformation of the content 120 required to enforce the policy)
processing, by the server, the online user data from the server when the server determines the online user data from the server is designated to be processed based on the one or more processing rules to generate processed online user data from the server; (e.g. col. 9, ll. 35-46: the content transformation module 350 of the DRM server 110 transforming the content 120 which includes changing the content from one format to a different format that is both consistent with the policy and supported by the client 150. Transforming the content 120 can also include embedding access rights metadata within the transformed content (e.g., the content 120 can be transformed to a PDF file 40 embedded with DRM restrictions). If the transformation instructions indicate that the secure information within the content 120 should be censored, then the transformation module 350 will redact, extract or otherwise censor the secure information, or a subset of the secure information, from the content 120 as indicated by the transformation instructions)
transmitting the online user data from the server. (e.g. col. 9, ll. 47-49: a content delivery module 360 of the DRM server 110 delivers the content 120 to the client 150).
 user activity data (e.g. abstract, ¶51, 59, 103, 106:  As users consume content and/or use devices and/or services, personal information related to the user may be obtained…Personal information may be provided by a user and/or be generated based on the user's activities. For example, a user may provide a client device used to consume content with personal identification information (e.g., age, gender, and/or the like) and/or content preference information (e.g., preferred genres, artists, and/or the like). Similarly, a client device may passively collect personal usage information regarding the types of content a user consumes, the number of times certain content is consumed, and/or the like. Collectively, personal information may include, without limitation, user attributes such as gender, age, content preferences, geographic location, attributes and information associated with a user's friends, contacts, and groups included in a user's social network, information related to content usage patterns (including, e.g., what content is consumed), content recommendations, ad viewing patterns, and/or the like…Personal information may include usage data information related to a user's content usage habits. Usage data may include information regarding the types of content a user consumes, the number of times certain content is consumed, metrics or attributes derivable from a user's history of interactivity with ads and/or content, purchasing history, browsing history, content rendering history, and/or the like. In certain embodiments, usage data may be generated locally on a user's device through monitoring of a user's interaction with the device (e.g., as content is consumed and/or the user performs other actions using the device). Alternatively or in addition, usage data may be generated by a trusted 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the invention of Hernacki for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).
Although Hernacki-Tenneti discloses receiving, at server, a request from a data consumer and transmitting the online user activity data from the server (see above), the combination does not appear to explicitly disclose but Knight discloses receiving, at server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer and transmitting the online user activity data from the server to be synced with the online user activity data of the data consumer. (Knight, e.g. ¶24: The client 130 also sends the server 120 check-in messages. Sending a check-in message to the server 120 enables the client 130 to obtain browsing history information that is stored at the server (which can then be merged with the client's local browsing history 340). In one embodiment, a check-in message includes an identifier of the sending client 130 and a timestamp that indicates when the client last sent a check-in message to the server. The client 130 receives from the server 120 information regarding browsing histories 340 generated by other clients 130 that are in the same sync group as the first client 130. The client 130 uses the received browsing history information to synchronize its local browsing history 340 with the browsing histories of the other clients 130 in the sync group) and tracking the distribution of the user activity data from the server. (Knight, e.g. ¶24, 39: The server communication log 350 stores a list of chronologically-ordered timestamps, where a timestamp indicates an occurrence of the client 130 communicating with the server 120. “Communicating sending a first message to the server 120 and receiving a second message from the server in response)
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the invention of Hernacki-Tenneti for the purpose of synchronizing web browsing histories using a server and limiting client communications to the server (Knight, ¶3).
Although Hernacki-Tenneti-Knight discloses the request including a data consumer identifier (see above), the combination does not appear to explicitly discloses but Knight 366 discloses a data consumer identifier provided to the data consumer after successful registration (e.g. ¶622: The identifier will be created by the server during the registration process, and then assigned to the client. The client must then include this identifier in every subsequent request).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight 366 into the invention of Hernacki-Tenneti-Knight for the purpose of enabling the server to allow only registered client to send request to the server (Knight 366, ¶620).

Claim 22, Hernacki-Tenneti-Knight-Knight 366 discloses The method of claim 21, wherein the data consumer is at least one of a data owner, a data broker, an Internet advertiser, reporting service, an impression bidder, and a data management platform service. (Hernacki, e.g. col. 3, ll. 38-47: the human user of the client 150 and client 150 own data (at least user data) stored in the client 150 and thus is a type of data owner, moreover client 150 is used by the human user to request and access the content and thus is a type of data management platform service for the human user).

Claims 23 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) in view of Knight 366 (US 20100031366) and further in view of Salmenkaita (US 20020188589).

Claim 23, Hernacki-Tenneti-Knight-Knight 366 discloses The method of claim 21, further comprising: determining whether the online user data from the server is designated to have privileges set; and upon determining that the online user data from the server is designated to have privileges set, setting one or more privileges to the online user data from the server associated with the data consumer identifier, wherein the one or more privileges include at least one of restricting access time to the online user data from the server, restricting the online user activity from the server to a type or format of the online user activity data from the server, restricting the online user data from the server to be aggregated data, and revoking access to the online user data from the server under predefined conditions. (Hernacki, e.g. col. 9, ll. 35-46: the content transformation module 350 of the DRM server 110 transforming the content 120 which includes changing the content from one format to a different format that is both consistent with the policy and supported by the client 150. Transforming the content 120 can also include embedding access rights metadata within the transformed content (e.g., the content 120 can be transformed to a PDF file 40 embedded with DRM restrictions). If the transformation instructions indicate that the secure information within the content 120 should be censored, then the transformation module 350 will redact, extract or otherwise censor the secure information, or a subset of the secure information, from the content 120 as indicated by the transformation instructions)
activity data (e.g. abstract, ¶51, 59, 103, 106:  As users consume content and/or use devices and/or services, personal information related to the user may be obtained…Personal information may be provided by a user and/or be generated based on the user's activities. For example, a user may provide a client device used to consume content with personal identification information (e.g., age, gender, and/or the like) and/or content preference information (e.g., preferred genres, artists, and/or the like). Similarly, a client device may passively collect personal usage information regarding the types of content a user consumes, the number of times certain content is consumed, and/or the like. Collectively, personal information may include, without limitation, user attributes such as gender, age, content preferences, geographic location, attributes and information associated with a user's friends, contacts, and groups included in a user's social network, information related to content usage patterns (including, e.g., what content is consumed), content recommendations, ad viewing patterns, and/or the like…Personal information may include usage data information related to a user's content usage habits. Usage data may include information regarding the types of content a user consumes, the number of times certain content is consumed, metrics or attributes derivable from a user's history of interactivity with ads and/or content, purchasing history, browsing history, content rendering history, and/or the like. In certain embodiments, usage data may be generated locally on a user's device through monitoring of a user's interaction with the device (e.g., as content is consumed and/or the user performs other actions using the device). Alternatively or in addition, usage data may be generated by a trusted third party (e.g., a content provider, an ad provider, and/or a clearinghouse) capable of monitoring a user's interaction with a device and/or delivery of items to the device.).  Same motivation as in claim 28 would apply. 
using a certificate associated with the data consumer identifier (e.g. ¶98, 103, 107:  Registration is the granting by the user of access permission to the program, to access the current context of the user's wireless device and/or to access other portions of the user's private data…the user's private data, including current context information, personal data entered by the user, the user's Internet usage history data, the user's Internet cookie data, and the user's application program usage data…The user can configure any levels of permission in between the highest and lowest and make that the basis for the registration. The user can include the terms of registration in a digital certificate signed by the user and appended to the application program).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Salmenkaita into the invention of Hernacki-Tenneti-Knight-Knight 366 for the purpose of providing enhanced privacy for the user’s private data (Salmenkaita, ¶7).

Claim 26, Hernacki-Tenneti-Knight-Knight 366 discloses The method of claim 21, (see above) and does not appear to explicitly disclose but Salmenkaita discloses decrypting the request for the online user activity data from the server using a certificate associated with the data consumer identifier to determine a decrypted request, (e.g. ¶104-105, 107: decrypting the digital signature in the registration certificate presented by the application program requesting access to the user’s private data to verify that the digital signature is genuine.  Note that since the digital 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Salmenkaita into the invention of Hernacki-Tenneti-Knight-Knight 366 for the purpose of providing enhanced privacy for the user’s private data (Salmenkaita, ¶7).

Claims 24-25 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) in view of Knight 366 (US 20100031366) and further in view of Mortiz (US 20110283365).

Claim 24, Hernacki-Tenneti-Knight-Knight 366 discloses The method of claim 21 (see above), and does not appear to explicitly disclose but Mortiz discloses receiving, from a digital rights management system, an authentication request, the authentication request requesting allowance to access the processed online user activity data from a data consumer. (e.g. ¶2, 10, 15-17: Telecom operators providing network services have access to large quantities of data about subscribing users. For example, an operator can collect data about user behaviour, services used, charging records, web-pages visited, other subscribers called, etc… The communications system includes a data mining agent for generation of a data file containing user-related data which may include, for example, user data, user behaviour, user location and/or information derived 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mortiz into the invention of Hernacki-Tenneti-Knight-Knight 366 for the purpose of ensuring that changes in user preferences are taken into account (Mortiz, ¶17).

Claim 25, Hernacki-Tenneti-Knight-Knight 366-Mortiz discloses The method of claim 24, further comprising: determining, by the server, whether to allow access to the processed online user activity data; and transmitting, to the digital rights management system, a result of the determination of whether to allow access to the processed online user activity data. (Mortiz, e.g. fig. 2, Ping/ok req. and the response arrow, ¶17, 30: the processing arrangement may initiate one or more requests to the communications system for processing of the user-related data on the basis of user consent data held by the communications system…The certified data-processing application 209 is trusted to not reveal the operator-provided data outside the application. If the data-processing application would like to read the information again it first needs to "unlock" it by doing a simple "ping-request" like query to a data rule storage 210 located at the operator sphere. This storage 210 is where all rules (e.g. user consent, b2b agreements etc.) from the user and the 

Claim 27, Hernacki-Tenneti-Knight-Knight 366 discloses The method of claim 21, (see above) and does not appear to explicitly disclose but Mortiz discloses encrypting the online user activity data from the server using a certificate associated with the data consumer identifier by: transmitting, to a digital rights management platform, the online user activity data from the server and the certificate associated with the data consumer identifier; and receiving, from the digital rights management platform, encrypted online user activity data from the server. (e.g. fig. 2, ¶2, 10-11, 13, 15-16, 29-30: Telecom operators providing network services have access to large quantities of data about subscribing users. For example, an operator can collect data about user behaviour, services used, charging records, web-pages visited, other subscribers called, etc…The communications system includes a data mining agent for generation of a data file containing user-related data which may include, for example, user data, user behaviour, user location and/or information derived therefrom…The communications system can connect to an external processing arrangement so as to transfer the data file, preferably protected by a key, and the usage rights object thereto… A protected, (i.e. encrypted) data file is decrypted at the processing arrangement…a license or Rights Object (RO) 106 which is signed by the rights issuer 101 to deter manipulation…In order to provide such protection, an analogous situation can be created, as illustrated in FIG. 2…)
.

Claims 28-29 and 35-36 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) and further in view of Knight (US 20150347614).

Claim 35, this claim is rejected for similar reasons as in claim 28.

Claim 36, this claim is rejected for similar reasons as in claim 29.

Claim 28, Hernacki discloses A system for managing online data secure sharing, (e.g. fig. 1, col. 2, ll. 17-34) the system including: 
at least one data storage device storing instructions for securely managing online data sharing; (e.g. fig. 2, col. 4, ll. 61-col. 5, ll. 2: storage device 208 storing computer program modules for providing functionality described herein which are loaded into memory 206) and 
at least one processor configured to execute the instructions to perform operations managing online data secure sharing, (e.g. fig. 2, col. 5, ll. 2: processor 202 configured to execute the computer program modules for providing functionality described herein) the operations comprising: 

determining, by the server, one or more processing rules associated with the data consumer and/or the data consumer identifier; (e.g. col. 7, ll. 21-27, 59-62: a policy determination module 340 receives the content identifier from the request analysis module 320 and the client capabilities information from the client capabilities  module 330 and interacts with the storage module 310 and cross-references the content identifier against the policy table to identify a policy for the requested content 120…the policies can include rules for defining access rights for the content 120)
determining, by the server, whether the online user data from the server is designated to be processed based on the one or more processing rules; (e.g. col. 8, ll. 26-36: the policy determination module 340 determines whether the content 120 should be transformed to a different format in order to enforce the policy for the requested content 120. The determination of whether transformation is required is based on the policy rules for the requested content 120 in view of the client classification information and/or authorization information for the client 150. If transformation is required, the policy determination module 340 generates transformation instructions including information describing a transformation of the content 120 required to enforce the policy)
processing, by the server, the online user data from the server when the server determines the online user data from the server is designated to be processed based on the one or more processing rules to generate processed online user data from the server; (e.g. col. 9, ll. 35-46: the 
transmitting the online user data from the server. (e.g. col. 9, ll. 47-49: a content delivery module 360 of the DRM server 110 delivers the content 120 to the client 150).
Although Hernacki discloses online user data (see above) and that the content 120 includes different types of content files stored in various different formats (Hernacki, col. 2, ll. 38-40), Hernacki does not appear to explicitly disclose but Tenneti discloses ensuring privacy and security of online user activity data (e.g. abstract, ¶51, 59, 103, 106:  As users consume content and/or use devices and/or services, personal information related to the user may be obtained…Personal information may be provided by a user and/or be generated based on the user's activities. For example, a user may provide a client device used to consume content with personal identification information (e.g., age, gender, and/or the like) and/or content preference information (e.g., preferred genres, artists, and/or the like). Similarly, a client device may passively collect personal usage information regarding the types of content a user consumes, the number of times certain content is consumed, and/or the like. Collectively, personal information may include, without limitation, user attributes such as gender, age, content preferences, geographic location, attributes and information associated with a user's friends, contacts, and groups included in a user's social 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Tenneti into the invention of Hernacki for the purpose of ensuring privacy and security of personal information relating to a user (Tenneti, ¶7).
Although Hernacki-Tenneti discloses receiving, at server, a request from a data consumer and transmitting the online user activity data from the server (see above), the combination does not appear to explicitly disclose but Knight discloses receiving, at server, a request from a data consumer to synchronize online user activity data from the server with online user activity data of the data consumer and transmitting the online user activity data from the server to be synced with online user activity data of the data consumer (Knight, e.g. ¶24: The client 130 also sends the server 120 check-in messages. Sending a check-in message to the server 120 enables the client 130 to obtain browsing history information that is stored at the server (which can then be merged with The client 130 receives from the server 120 information regarding browsing histories 340 generated by other clients 130 that are in the same sync group as the first client 130. The client 130 uses the received browsing history information to synchronize its local browsing history 340 with the browsing histories of the other clients 130 in the sync group.) and tracking the distribution of the user activity data from the server. (Knight, e.g. ¶24, 39: The server communication log 350 stores a list of chronologically-ordered timestamps, where a timestamp indicates an occurrence of the client 130 communicating with the server 120. “Communicating with the server 120” means sending a first message to the server 120 and receiving a second message from the server in response)
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Knight into the invention of Hernacki-Tenneti for the purpose of synchronizing web browsing histories using a server (Knight, ¶3).

Claim 29, Hernacki-Tenneti-Knight discloses The system of claim 28, wherein the data consumer is at least one of a data owner, a data broker, an Internet advertiser, reporting service, an impression bidder, and a data management platform service. (Hernacki, e.g. col. 3, ll. 38-47: the human user of the client 150 and client 150 own data (at least user data) stored in the client 150 and thus is a type of data owner, moreover client 150 is used by the human user to request and access the content and thus is a type of data management platform service for the human user).

Claims 30, 33, 37 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) and further in view of Salmenkaita (US 20020188589).

Claim 37, this claim is rejected for similar reasons as in claim 30.

Claim 40, this claim is rejected for similar reasons as in claim 33.

Claim 30, Hernacki-Tenneti-Knight discloses The system of claim 28, the operations further comprising: determining whether the online user data from the server is designated to have privileges set; and upon determining that the online user data from the server is designated to have privileges set, setting one or more privileges to the online user data from the server associated with the data consumer identifier, wherein the one or more privileges include at least one of restricting access time to the online user data from the server, restricting the online user activity data from the server to a type or format of the online user activity data from the server, restricting the online user data from the server to be aggregated data, and revoking access to the online user data from the server under predefined conditions. (Hernacki, e.g. col. 9, ll. 35-46: the content transformation module 350 of the DRM server 110 transforming the content 120 which includes changing the content from one format to a different format that is both consistent with the policy and supported by the client 150. Transforming the content 120 can also include embedding access rights metadata within the transformed content (e.g., the content 120 can be transformed to a PDF file 40 embedded with DRM restrictions). If the transformation instructions indicate that the secure information within the content 120 should be censored, then the transformation module 350 will redact, extract 
Although Hernacki discloses the online user data (see above), Hernacki does not appear to explicitly disclose but Tenneti discloses online user activity data (e.g. abstract, ¶51, 59, 103, 106:  As users consume content and/or use devices and/or services, personal information related to the user may be obtained…Personal information may be provided by a user and/or be generated based on the user's activities. For example, a user may provide a client device used to consume content with personal identification information (e.g., age, gender, and/or the like) and/or content preference information (e.g., preferred genres, artists, and/or the like). Similarly, a client device may passively collect personal usage information regarding the types of content a user consumes, the number of times certain content is consumed, and/or the like. Collectively, personal information may include, without limitation, user attributes such as gender, age, content preferences, geographic location, attributes and information associated with a user's friends, contacts, and groups included in a user's social network, information related to content usage patterns (including, e.g., what content is consumed), content recommendations, ad viewing patterns, and/or the like…Personal information may include usage data information related to a user's content usage habits. Usage data may include information regarding the types of content a user consumes, the number of times certain content is consumed, metrics or attributes derivable from a user's history of interactivity with ads and/or content, purchasing history, browsing history, content rendering history, and/or the like. In certain embodiments, usage data may be generated locally on a user's device through monitoring of a user's interaction with the device (e.g., as content is consumed and/or the user performs other actions using the device). Alternatively or in addition, usage data may be generated by a trusted third party (e.g., a content provider, an ad provider, 
Although Hernacki-Tenneti-Knight discloses setting one or more privileges to the online user activity data associated with the data consumer identifier (see above), the combination does not appear to explicitly disclose but Salmenkaita discloses setting one or more privileges to the online user activity data using a certificate associated with the data consumer identifier (e.g. ¶98, 103, 107:  Registration is the granting by the user of access permission to the program, to access the current context of the user's wireless device and/or to access other portions of the user's private data…the user's private data, including current context information, personal data entered by the user, the user's Internet usage history data, the user's Internet cookie data, and the user's application program usage data…The user can configure any levels of permission in between the highest and lowest and make that the basis for the registration. The user can include the terms of registration in a digital certificate signed by the user and appended to the application program).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Salmenkaita into the invention of Hernacki-Tenneti-Knight for the purpose of providing enhanced privacy for the user’s private data (Salmenkaita, ¶7).

Claim 33, Hernacki-Tenneti-Knight discloses The system of claim 28, (see above) and does not appear to explicitly disclose but Salmenkaita discloses decrypting the request for the online user activity data from the server using a certificate associated with the data consumer identifier to determine a decrypted request, (e.g. ¶104-105, 107: decrypting the digital signature in the registration certificate presented by the application program requesting access to the user’s private 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Salmenkaita into the invention of Hernacki-Tenneti-Knight for the purpose of providing enhanced privacy for the user’s private data (Salmenkaita, ¶7).

Claims 31-32, 34, and 38-39 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki (US 8468608) in view of Tenneti (US 20130332987) in view of Knight (US 20150347614) and further in view of Mortiz (US 20110283365).

Claim 38, this claim is rejected for similar reasons as in claim 31.

Claim 39, this claim is rejected for similar reasons as in claim 32.

Claim 31, Hernacki-Tenneti-Knight discloses The system of claim 28, (see above) and does not appear to explicitly disclose but Mortiz discloses receiving, from a digital rights management system, an authentication request, the authentication request requesting allowance to access the processed online user activity data from a data consumer. (e.g. ¶2, 10, 15-17: Telecom operators 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mortiz into the invention of Hernacki-Tenneti-Knight for the purpose of ensuring that changes in user preferences are taken into account (Mortiz, ¶17).

Claim 32, Hernacki-Tenneti-Knight-Mortiz discloses The system of claim 31, the operations further comprising: determining, by the server, whether to allow access to the processed online user activity data; and transmitting, to the digital rights management system, a result of the determination of whether to allow access to the processed online user activity data. (Mortiz, e.g. fig. 2, Ping/ok req. and the response arrow, ¶17, 30: the processing arrangement may initiate one or more requests to the communications system for processing of the user-related data on the basis 

Claim 34, Hernacki-Tenneti-Knight discloses The system of claim 28, (see above) and does not appear to explicitly disclose but Mortiz discloses encrypting the online user activity data from the server using a certificate associated with the data consumer identifier by: transmitting, to a digital rights management platform, the online user activity data from the server and the certificate associated with the data consumer identifier; and receiving, from the digital rights management platform, encrypted online user activity data from the server. (e.g. fig. 2, ¶2, 10-11, 13, 15-16, 29-30: Telecom operators providing network services have access to large quantities of data about subscribing users. For example, an operator can collect data about user behaviour, services used, charging records, web-pages visited, other subscribers called, etc…The communications system includes a data mining agent for generation of a data file containing user-related data which may include, for example, user data, user behaviour, user location and/or information derived therefrom…The communications system can connect to an external processing arrangement so as to transfer the data file, preferably protected by a key, and the usage rights object thereto… A 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mortiz into the invention of Hernacki-Tenneti-Knight for the purpose of ensuring that user privacy is protected and under control of the user (Mortiz, ¶9).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20150201040 discloses at block 202, browsing data is received from a plurality of client devices associated with the user…Browsing data is received from client devices as a user engages a browsing application running on the client device. The browsing data may be sent to the server in real time, as the data is generated on the client device…The browsing data may be stored at the server, and may be contemporaneously saved locally on the client device. At block 202 the server receives a request form one of the plurality of client devices to access the received browsing data. The request may be an explicit request from the client device to receive access to the browsing data…When, at block 206, the request is determined not to be a request to delete a portion of the browsing data, the system provides access to the received browsing data to the requesting client device, at block 212…When a client device utilizes the browsing data of the user, and the server provides the client device with access to the browsing data, the data may be sent to the requesting client device. The browsing data may be further reconciled with the data that is stored locally, on the device, when executing a particular task. The local data and the browsing data stored at the server may be merged, in order to facilitate the completion of the task. (e.g. ¶34-35, 38-39).



Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436