DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action is in response to the communication dated 08/14/2020.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on August 14, 2020 does not claim any priority.

Information Disclosure Statement
The following Information Disclosure Statements in the instant application were submitted in compliance with the provisions of 37 CFR 1.97 and thus have been fully considered:
IDS filed on 14 August 2020.

Claim Objections
Claim 10 is objected to because of the following informalities: Claim 10 recites a limitation, “…and denying access to the personal data of the data subject if the request is not verified as being received from the data subject”. The examiner suggests replacing “if” with “when” or “in response to”. Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 9-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because
a. Claims 9-14 are directed to computer-readable media. However, the body of the claim lacks definite structure indicative of a physical product. Therefore, the claim as a whole appears to be nothing more than computer software, and software per se does not fall within a statutory category.
In addition, the broadest reasonable interpretation of the "computer readable media" covers a transitory propagating signal which is non-statutory subject matter.
"A transitory, propagating signal... is not a "process, machine, manufacture, or composition of matter." Those four categories define the explicit scope and reach of subject matter patentable under 35 U.S.C. § 101; thus, such a signal cannot be patentable subject matter."
A computer-readable storage medium is non-transitory; however, the specification is silent regarding “computer-readable media”.
The examiner suggests amending the claim(s) to recite a "non-transitory computer-readable medium" or equivalent in order to exclude non-statutory subject matter such as a transitory propagating signal. Any amendment to the claims should be commensurate with its corresponding disclosure.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7 are rejected under 35 U.S.C. 103 as being unpatentable over Buchner et al. (US PGPUB. # US 2020/0296140, hereinafter “Buchner”), and further in view of Lafever et al. (WIPO PUB. # WO 2018/201009, hereinafter “Lafever”).

Regarding Claim 1, Buchner teaches,
A method, performed by one or more computing devices, for managing personal data, the method comprising: 
receiving personal data associated with a data subject, wherein the personal data is associated with a virtual identity of the data subject; (Abstract, “Receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages”, ¶21, “a request from an entity for operating on data stored or to be stored in a storage that is associated with a particular DID is received”, Fig. 8 (800), ¶137, Fig. 4, ¶80, “The data storage 420 may be used to store any type of data that is associated with the DID owner 201. In one embodiment the data may be a collection 422 of a specific type of data corresponding to a specific protocol. For example, the collection 422 may be medical records data that corresponds to a specific protocol for medical data”, Fig. 5(560), ¶103, “The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562, and Alice's email data 563. The ellipsis 564 represents that there may be other types of Alice's personal data stored in Alice's personal storage 560 in the ID hub service 550)”, i.e. personal data associated with a subject is received and the data is associated with DID (virtual identity)). 
storing the personal data; (Fig. 4, ¶80, “The data storage 420 may be used to store any type of data that is associated with the DID owner 201. In one embodiment the data may be a collection 422 of a specific type of data corresponding to a specific protocol. For example, the collection 422 may be medical records data that corresponds to a specific protocol for medical data”, Fig. 5(560), ¶103, “The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562, and Alice's email data 563. The ellipsis 564 represents that there may be other types of Alice's personal data stored in Alice's personal storage 560 in the ID hub service 550”, i.e. personal data associated with a subject is received and the data is associated with DID (virtual identity), Fig. 8 (800), ¶15, “FIG. 8 illustrates a flow chart of an example method for receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a DID”, i.e. personal data is stored) and 
storing identifying information that is linked to the personal data, wherein the identifying information is included in shadow data associated with the personal data, (Fig. 2(231, 241), ¶60, “a representation of the DID 205 is stored on each distributed computing system of the distributed ledger or blockchain 220. For example, in FIG. 2 this is shown as the DID has 231, DID has 241, and DID has 251, which are ideally identical copies of the same DID. The DID hash 231, DID has 241, and DID hash 251 may then point to the location of the DID document 210”, ¶2, “Decentralized Identifiers (DIDs) are a new type of identifier, which are independent from any centralized registry, identity provider, or certificate authority. Distributed ledger technology (such as blockchain) provides the opportunity for using fully decentralized identifiers”, ¶21, ¶40, ¶44, “the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201”, i.e. identifying information related to personal data is stored) and wherein the identifying information comprises: 
a virtual identity identifier of the virtual identity, (¶44, “the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201”) and 
Buchner does not teach explicitly,
a creation timestamp of the personal data.
However, Lafever teaches,
a creation timestamp of the personal data. (Fig. 4, ¶465, “the privacy server may record and associate the time period/stamp by means of time keys (TKs) or otherwise, DDID, attribute combination A, and attribute combination Q with requesting related party ZZ within the secure database. Relationship information between and among time periods/stamps, DDIDs, attribute combinations, Data Subjects and associated profiles may be stored, updated or deleted as applicable in the maintenance module of the privacy server. This may include, in one example, storing or updating all relationship information between all time periods/stamps, DDIDs, attribute combinations”.).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Lafever with the invention of Buchner.
Buchner teaches, storing personal data and associated identifying information into a separate database. Lafever teaches, creating a timestamp with personal data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Buchner does not teach explicitly,
The method of claim 1, wherein the personal data is received for use by an application of the one or more computing devices, and wherein the shadow data for the personal data is not visible to the application. 
However, Lafever teaches,
The method of claim 1, wherein the personal data is received for use by an application of the one or more computing devices, and wherein the shadow data for the personal data is not visible to the application. (¶19, “the various cookies (in this example embodiment, serving as DDIDs representing separateness of identity of Data Subjects) issued by the website, while being created "externally" to the system, would each be unique and would not enable the website to remember stateful information or aggregate the Data Subject's browsing activity, since each of the browsing sessions would be perceived by the website as unrelated— thereby enabling the Data Subject to remain dynamically anonymous as long as desired, to the extent desired”, i.e. cookie is considered shadow data that is not visible to the application).
Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Buchner does not teach explicitly,
 The method of claim 1, wherein the virtual identity identifier comprises an IP address, user credentials, a phone number, an email address, or a cookie identifier.
However, Lafever teaches,
The method of claim 1, wherein the virtual identity identifier comprises an IP address, user credentials, a phone number, an email address, or a cookie identifier. (¶19, “a "cookie" or other unique identifier assigned by a website to a first-time visitor could effectively serve as a DDID”).

Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Buchner teaches,
The method of claim 1, wherein the data subject is associated with a plurality of different virtual identities. (¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201”).

Regarding Claim 5, rejection of Claim 1 is included and for the same motivation Buchner teaches,
The method of claim 1, wherein the personal data is stored in a first memory location and the shadow data is stored in a second memory location, and wherein the first memory location includes a pointer to the second memory location. (¶91, “the DID document 210 may include an end point 213 that is an address or pointer to the identity hub 411. The third party 401 may then use the address or pointer to access the identity hub 411”).

Regarding Claim 6, rejection of Claim 5 is included and for the same motivation Buchner teaches,
The method of claim 5, further comprising receiving additional personal data associated with a second virtual identity of the data subject, (Abstract, “Receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages”, ¶21, “a request from an entity for operating on data stored or to be stored in a storage that is associated with a particular DID is received”, Fig. 5 (561, 562, 563), ¶102, “The right side of FIG. 5 illustrates a simplified decentralized system 502 that provides a personal storage for each DID owner in an ID hub service 550. The personal storage in the ID hub service 550 is controlled by the DID owner”, ¶103, “The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562, and Alice's email data 563. The ellipsis 564 represents that there may be other types of Alice's personal data stored in Alice's personal storage 560 in the ID hub service 550”, i.e. social media data is considered as additional personal data) storing the additional personal data in a third memory location,  (Fig. 5(562), ¶103, “The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562”, i.e. social data (additional personal data) is stored in a third memory) and storing additional identifying information that is linked to the personal data, wherein the additional identifying information comprises the second virtual identity of the data subject (Fig. 5 (565), ¶104, “Alice 566 has control over the personal storage 560 via her DID 565”, i.e. Alice DID is considered as additional identifying information that is linked to the personal data)  [and a second creation timestamp of the additional personal data].
Buchner does not teach explicitly,
[storing additional identifying information that is linked to the personal data, wherein the additional identifying information comprises the second virtual identity of the data subject]  and a second creation timestamp of the additional personal data.
However Lafever teaches,
[storing additional identifying information that is linked to the personal data, wherein the additional identifying information comprises the second virtual identity of the data subject]  and a second creation timestamp of the additional personal data. (Fig. 4, ¶465, “the privacy server may record and associate the time period/stamp by means of time keys (TKs) or otherwise, DDID, attribute combination A, and attribute combination Q with requesting related party ZZ within the secure database. Relationship information between and among time periods/stamps, DDIDs, attribute combinations, Data Subjects and associated profiles may be stored, updated or deleted as applicable in the maintenance module of the privacy server. This may include, in one example, storing or updating all relationship information between all time periods/stamps, DDIDs, attribute combinations”).

Regarding Claim 7, rejection of Claim 6 is included and for the same motivation Buchner teaches,
The method of claim 6, wherein the additional identifying information is included in additional shadow data associated with the additional personal data, (Fig. 8(800), ¶137, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID”, Fig. 5(562), ¶103, “The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562”, i.e. social data (additional personal data, ¶44, (Fig. 5 (565), ¶104, “Alice 566 has control over the personal storage 560 via her DID 565”, i.e. Alice DID is considered as additional identifying information included in shadow data that is linked to the personal data)  wherein the additional shadow data is stored in a fourth memory location, (Fig. 5 (565), ¶104, “Alice 566 has control over the personal storage 560 via her DID 565”, i.e. Alice DID is considered as additional identifying information that is linked to the personal data is stored in a fourth memory location) and wherein the third memory location includes a pointer to the fourth memory location. (Fig. 5(565), Fig. 8(802), ¶137, “Based on the information related to the particular DID, a storage (e.g., Alice's ID hub 660) that is associated with the particular DID is identified (802)”, i.e. a pointer is included to locate the data).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Buchner et al. (US PGPUB. # US 2020/0296140, hereinafter “Buchner”), and further in view of Lafever et al. (WIPO PUB. # WO 2018/201009, hereinafter “Lafever”), and further in view of Zonouz et al. (WIPO PUB. # WO 2019/070675, hereinafter “Zonouz”).

Regarding Claim 8, rejection of Claim 5 is included and combination of Buchner and Lafever does not teach explicitly,
The method of claim 5, wherein the second memory location further includes taint tracking data.
However, Zonouz teaches,
The method of claim 5, wherein the second memory location further includes taint tracking data. (¶51, “compare results in held in the cache memory with values of the data flow to determine whether a sensitive value has been tainted. As such, the method (and system) may prevent such tainted values from being transmitted from the system, after identifying the tainted values”, Fig. 1A, ¶81, i.e. a second memory location includes taint tracking data).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.

Buchner in view of Lafever teaches storing personal data and associated identifying information into a separate database and creating a timestamp with personal data. Zonouz teaches storing taint tracking data in a memory. Therefore, it would have been obvious to incorporate the storing of taint tracking data in a memory, as taught by Zonouz, into the teachings of Buchner in view of Lafever to protect sensitive data from leaking utilizing taint tracking data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claims 9-10 and 12-16 are rejected under 35 U.S.C. 103 as being unpatentable over Buchner et al. (US PGPUB. # US 2020/0296140, hereinafter “Buchner”), and further in view of Leighton et al. (US PGPUB. # US 2020/0351310, hereinafter “Leighton”). 

Regarding Claim 9, Buchner teaches,
One or more computer-readable media (Fig. 1(104), ¶24) storing instructions which, when executed by one or more hardware processors, (Fig. 1(102), ¶24) cause the hardware processors to perform actions comprising: 
detecting a request for retrieval of personal data for a data subject; (Fig. 8 (800), ¶137, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID”, i.e. a request to retrieve personal data is received).
identifying parameters of the request, the parameters including at least one virtual identity identifier for the data subject; (Fig. 8(800,801), ¶137, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID, which may correspond to an embodiment of step 702 of method 700. The method 800 may include analyzing the information contained in the request (801)”, i.e. DDID is identified which is a virtual identifier for the data subject).
searching data storage to locate shadow data that includes identifying information matching the parameters of the request, the located shadow data being linked to associated personal data; (Fig. 8(802,803), ¶137, “Based on the information related to the particular DID, a storage (e.g., Alice's ID hub 660) that is associated with the particular DID is identified (802). The information may also include information related to the specific data that is being requested. Based on the information related to the specific data that is being requested, the requested data in the identified storage (e.g., Alice's medical data 661 stored in her ID hub) is then identified”) and 
Buchner does not teach explicitly,
outputting the associated personal data to the data subject.
However, Leighton teaches,
outputting the associated personal data to the data subject. (Fig. 7B(726), ¶61, “ The server then retrieves the data using the sequence 726 and sends it to the user, which receives it”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Leighton with the invention of Buchner.
Buchner teaches receiving a request for anonymized data linked with an identifier. Leighton teaches retrieving data using an identifier and providing it to the requesting user. Therefore, it would have been obvious to combine retrieving data using an identifier and providing it to the requesting user, as taught by Leighton, with receiving a request for anonymized data linked with an identifier, as taught by Buchner, to provide security for confidential personal data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, rejection of Claim 9 is included and for the same motivation Buchner teaches,
The one or more computer-readable media of claim 9, wherein the actions further comprise verifying whether the request is received from the data subject and denying access to the personal data of the data subject if the request is not verified as being received from the data subject. (Fig. 7(707), ¶136, “ If the operation will not result in the data complying with the one or more policy rules, the operation is denied (707)”, i.e. data is not compliant with the policy indicates that request is not verified as being received from the data subject).

Regarding Claim 12, rejection of Claim 9 is included and for the same motivation Buchner teaches,
The one or more computer-readable media of claim 9, wherein the located shadow data includes shadow data that is stored in a first memory location that further includes a pointer to a second memory location (¶91, “the DID document 210 may include an end point 213 that is an address or pointer to the identity hub 411. The third party 401 may then use the address or pointer to access the identity hub 411”), wherein the associated personal data is stored in the second memory location (Fig. 4 (Identity Hub, 411, 412, 413, 414), ¶79-¶80, “identity hub 411 may include data storage 420. The data storage 420 may be used to store any type of data that is associated with the DID owner 201. In one embodiment the data may be a collection 422 of a specific type of data corresponding to a specific protocol. For example, the collection 422 may be medical records data that corresponds to a specific protocol for medical data”). 

Regarding Claim 13, rejection of Claim 9 is included and for the same motivation Buchner teaches,
The one or more computer-readable media of claim 9, wherein the request includes a plurality of virtual identity identifiers associated with the data subject. (¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201” i.e. plurality of DIDs (virtual identities) are associated with the owner ( data subject)).

Regarding Claim 14, rejection of Claim 13 is included and for the same motivation Buchner teaches,
The one or more computer-readable media of claim 13, wherein the data subject is associated with a plurality of virtual identity identifiers, (¶43, “the DID owner 201 is shown as having a single DID 205, this need not be the case as there may be any number of DIDs associated with the DID owner 201 “, ¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201” i.e. plurality of DIDs (virtual identities) are associated with the owner ( data subject)) and wherein the request includes a subset of the plurality of virtual identity identifiers. (Fig. 7(702), ¶135, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with an owner of DID (702),“ Data stored in a storage that is associated with an owner of DID may be Alice's medical data 661, social media data 662, and/or email data 663 that are stored in Alice's personal storage 660”, i.e. request is for a subset of the plurality of the identifiers). 

Regarding Claim 15, Buchner teaches,
A system comprising: 
one or more hardware processors with memory coupled thereto; computer-readable media (Fig. 1(104), ¶24) storing instructions executable by the one or more hardware processors, (Fig. 1(102), ¶24) the instructions comprising: 
first instructions to receive a request for personal data associated with a plurality of virtual identities of a data subject, the plurality of virtual identities of the data subject including a first virtual identity; (Fig. 8 (800), ¶137, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID”, ¶43, “the DID owner 201 is shown as having a single DID 205, this need not be the case as there may be any number of DIDs associated with the DID owner 201 “, ¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201” i.e. a request to retrieve personal data is received and personal data is associated with plurality of DIDs (virtual identities))
second instructions to locate instances of first identifying information corresponding to the first virtual identity in data storage memory locations that store shadow data for a plurality of personal data items; (Fig. 8(800,801), ¶137, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID, which may correspond to an embodiment of step 702 of method 700. The method 800 may include analyzing the information contained in the request (801)”, ¶59-¶61, i.e. DDID is identified which is a virtual identifier for the data subject)
third instructions to identify, for each instance of the identifying information, a respective personal data item that is linked to the data storage memory location in which the instance of the identifying information is stored; (Fig. 8(802,803), ¶137, “Based on the information related to the particular DID, a storage (e.g., Alice's ID hub 660) that is associated with the particular DID is identified (802). The information may also include information related to the specific data that is being requested. Based on the information related to the specific data that is being requested, the requested data in the identified storage (e.g., Alice's medical data 661 stored in her ID hub) is then identified”) and 
Buchner does not teach explicitly,
fourth instructions to output the respective personal data items.
However, Leighton teaches,
fourth instructions to output the respective personal data items. (Fig. 7B(726), ¶61, “ The server then retrieves the data using the sequence 726 and sends it to the user, which receives it”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Leighton with the invention of Buchner.
Buchner teaches receiving a request for anonymized data linked with an identifier. Leighton teaches retrieving data using an identifier and providing it to the requesting user. Therefore, it would have been obvious to combine retrieving data using an identifier and providing it to the requesting user, as taught by Leighton, with receiving a request for anonymized data linked with an identifier, as taught by Buchner, to provide security for confidential personal data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 16, rejection of Claim 15 is included and for the same motivation Buchner teaches,
The system of claim 15, wherein the plurality of virtual identities of the data subject further includes a second virtual identity that corresponds to second identifying information.  (¶43, “the DID owner 201 is shown as having a single DID 205, this need not be the case as there may be any number of DIDs associated with the DID owner 201 “, ¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201” i.e. plurality of DIDs (virtual identities) are associated with the owner ( data subject), Fig. 7(702), ¶135, “receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with an owner of DID (702),“ Data stored in a storage that is associated with an owner of DID may be Alice's medical data 661, social media data 662, and/or email data 663 that are stored in Alice's personal storage 660”, i.e. second virtual identity corresponds to second identifying information).

Claims 11 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Buchner et al. (US PGPUB. # US 2020/0296140, hereinafter “Buchner”), and further in view of Leighton et al. (US PGPUB. # US 2020/0351310, hereinafter “Leighton”), and further in view of Lafever et al. (WIPO PUB. # WO 2018/201009, hereinafter “Lafever”).

Regarding Claim 11, rejection of Claim 9 is included and the combination of Buchner and Leighton does not teach explicitly,
The one or more computer-readable media of claim 9, wherein the virtual identity identifier comprises an IP address, an email address, a phone number, user credentials, or a cookie identifier and wherein the parameters further include a time parameter comprising a time range during which the data subject was associated with the virtual identity identifier.
However, Lafever teaches,
The one or more computer-readable media of claim 9, wherein the virtual identity identifier comprises an IP address, an email address, a phone number, user credentials, or a cookie identifier (¶19, “a "cookie" or other unique identifier assigned by a website to a first-time visitor could effectively serve as a DDID”) and wherein the parameters further include a time parameter comprising a time range during which the data subject was associated with the virtual identity identifier. (¶15, “such as, by way of example and not limitation, information pertaining to means of creation, purpose, time and / or date of creation”, ¶23, “A system according to some embodiments of the present invention may store the TDRs (consisting of DDID values and data elements, if any, associated with the DDIDs), as well as information regarding the time period during which each DDID was associated with a particular Data Subject, data attribute(s), action, activity, process or trait”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.

Buchner in view of Leighton teaches receiving a request for anonymized data linked with an identifier, retrieving data using an identifier, and providing the data to the requesting user. Lafever teaches utilizing a cookie identifier as a virtual identifier. Therefore, it would have been obvious to have incorporated the cookie identifier as a virtual identifier of Lafever into the teachings of Buchner in view of Leighton to retrieve personal data using an identifier to keep personal data anonymized. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 17, rejection of Claim 16 is included and Buchner teaches,
The system of claim 16, wherein the first identifying information includes a first virtual identity identifier (¶43, “the DID owner 201 is shown as having a single DID 205, this need not be the case as there may be any number of DIDs associated with the DID owner 201”, ¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201”, Fig. 3(205, 331), ¶65, “DID owner 201 to create the DID 205 or any number of additional DIDs, such as DID 331”, ¶104, “Alice 566 has control over the personal storage 560 via her DID 565”, i.e. first identity information includes first virtual identifier) [and a first time range during which the data subject was associated with the first virtual identity identifier], and wherein the second identifying information corresponds to a second virtual identity identifier (¶43, “the DID owner 201 is shown as having a single DID 205, this need not be the case as there may be any number of DIDs associated with the DID owner 201”, ¶44, “The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201”, Fig. 3(205, 331), ¶65, “DID owner 201 to create the DID 205 or any number of additional DIDs, such as DID 331”, ¶104, “Bob 576 has control over his personal storage 570 via his DID 575”, i.e. second identity information includes second virtual identifier) [and a second time range during which the data subject was associated with the second virtual identity identifier].
Combination of Buchner and Leighton does not teach explicitly,
The system of claim 16, [wherein the first identifying information includes a first virtual identity identifier] and a first time range during which the data subject was associated with the first virtual identity identifier, [and wherein the second identifying information corresponds to a second virtual identity identifier] and a second time range during which the data subject was associated with the second virtual identity identifier.
However, Lafever teaches,
The system of claim 16, [wherein the first identifying information includes a first virtual identity identifier] and a first time range during which the data subject was associated with the first virtual identity identifier, (¶297, “After the physician selects a range of time to view, the viewer application requests the relevant DDIDs and offsets from the Trusted Party, for that patient”, ¶298, i.e. first time range) [and wherein the second identifying information corresponds to a second virtual identity identifier] and a second time range during which the data subject was associated with the second virtual identity identifier (¶347, “Temporally (Time) Based: Verification of permissible time periods (e.g., by comparing then-current time to the times when the key holder is scheduled to be providing care to the patient)”, i.e. second time range).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Lafever with the invention of Buchner in view of Leighton.
Buchner in view of Leighton teaches, receiving a request for anonymized data linked with an identifier and retrieving data using an identifier and providing to the KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 18, rejection of Claim 17 is included and for the same motivation Buchner teaches,
The system of claim 17, wherein the first virtual identity identifier is different from the second virtual identity identifier. (Fig. 3(205, 331), ¶65, “DID owner 201 to create the DID 205 or any number of additional DIDs, such as DID 331”, ¶104, “Alice 566 has control over the personal storage 560 via her DID 565”, “Bob 576 has control over his personal storage 570 via his DID 575”, i.e. first identifier is different than second identifier).

Regarding Claim 19, rejection of Claim 17 is included and for the same motivation Buchner teaches,
The system of claim 17, wherein the instructions further comprise fifth instructions to locate instances of the second identifying information in the data storage memory locations that store the shadow data for the plurality of personal data items, (¶59-¶61, Fig. 5, ¶102, “The right side of FIG. 5 illustrates a simplified decentralized system 502 that provides a personal storage for each DID owner in an ID hub service 550. The personal storage in the ID hub service 550 is controlled by the DID owner, instead of the centralized organization. For example, as illustrated in FIG. 5, the ID Hub 550 includes Alice's ID hub 560 (i.e., Alice's personal storage) and Bob's ID hub 570 (i.e., Bob's personal storage). The ellipsis 580 represents that there may be any number of personal storages, each of which is associated with a DID (or a DID owner)”) sixth instructions to identify, for each instance of the second identifying information, a respective additional personal data item that is linked to the data storage memory location in which the instance of the second identifying information is stored; (Fig. 8(802,803), ¶137, “Based on the information related to the particular DID, a storage (e.g., Alice's ID hub 660) that is associated with the particular DID is identified (802). The information may also include information related to the specific data that is being requested. Based on the information related to the specific data that is being requested, the requested data in the identified storage (e.g., Alice's medical data 661 stored in her ID hub) is then identified”) and seventh instructions to output the respective additional personal data items. (Fig. 7B(726), ¶61, “ The server then retrieves the data using the sequence 726 and sends it to the user, which receives it”).

Regarding Claim 20, rejection of Claim 17 is included and for the same motivation Buchner teaches,
The system of claim 17, wherein the first virtual identity identifier and the respective personal data items are not stored in association with a civil identity of the data subject. (¶55, “a persona may be pseudo anonymous, e.g., the DID owner 201 may include a pen name in the DID document when identifying him or her as a writer posting articles on a blog; a persona may be fully anonymous, e.g., the DID owner 201 may only want to disclose his or her job title or other background data (e.g., a school teacher, an FBI agent, an adult older than 21 years old, etc.) but not his or her name in the DID document”, i.e. virtual identity identifier and personal data items are not stored in association with a civil identity of the data subject).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Smeets et al. (WIPO PUB. # WO 2021/260418) discloses a security management entity. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity.
Michael Cory Brook (US PAT. # US 11,106,823) discloses, at least one processor to extract at least one data value from a record in a remote data store as a primary key that uniquely represents the record in the remote data store, encrypt the primary key using a secret key and an initialization vector to create a reversible public identifier that represents the primary key and the record in the remote data store, receive the reversible public identifier at a second instance after the first instance, query at least one data value different from the primary key in the remote data store using the reversible public identifier based on a GraphQL application programming interface (API) request, and transmit the at least one data value different from the primary key in the remote data store using the GraphQL API at a third instance after the second instance.
Anson et al. (US PGPUB. # US 2021/0264054) discloses providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data are recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is stored on the DLT. Access to the information can also be determined and recorded to the DLT.
Aris Gkoulalas-Divanis (US PAT. # US 10,936,752) discloses, data is migrated from a dataset to a common data model that is configured to accommodate data comprising a plurality of different data types to be de-identified. Data is analyzed in the common data model to identify privacy vulnerabilities and determine corresponding data de-identification techniques and configuration options to be applied to the data. The automatically determined data de-identification techniques are applied to the data 
Jae Seung Song (US PAT. # US 2021/0007012) discloses, a method and procedure for processing protection data for protecting data privacy in an M2M system. According to an embodiment of the present disclosure, an M2M apparatus located in an M2M platform in an M2M system includes a communicator configured to transmit and receive a signal and a processor configured to control the communicator. Herein, the processor generates a resource at a resource generation request for administering data received by the communicator, generates a resource at a resource generation request for storing the data received by the communicator, determines whether the data received by the communicator are protection data, and when the data are determined as protection data, performs data processing for privacy protection.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498