DETAILED ACTION
This final office action is in response to claims 1-5 filed on 04/20/2022 for examination. Claims 1-5 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Amendment
The amendment filed April 20, 2022 has been entered. Claims 1-5 remain pending in the application. The claims have been amended. Applicant’s arguments and amendments to the claims have overcome each and every drawings objection and claim objection previously set forth in the Non-Final Office Action mailed January 20, 2022. Claim 1 has been amended and have necessitated a new ground(s) of rejection in this Office Action. Further, applicant’s arguments regarding claims 1-5 have been fully considered but are not persuasive to differentiate over the prior art.
Particularly, Applicant opines that the combination of Kho et al. (NPL: “Design and Implementation of a Privacy Preserving Electronic Health Linkage Tool in Chicago”, June 2015) and Purves (US20170024733) does not disclose the pre-determined data specification including one or more of a data licensing agreement between the verification source and a verification platform. Remarks, pg. 10. However, Examiner directs Applicant to Kho at pg. 1073 teaching Institutional Review Board (IRB) protocol created and distributed to each participating institution to follow for producing data to be shared <i.e., pre-determined data specification created>. Id. The IRB protocol for data sharing is agreed upon in writing for each institution participating in the data comparisons <i.e., data licensing agreement produced>. Id. Each data provider, including the comparison institution/verification platform which also provides data, must agree in writing <i.e., the licenses are a part of the determined IRB protocol and between the verifier platform and source platform>. Id. Accordingly, the prior art teaches the pre-determined data specification including one or more of a data licensing agreement between the verification source and a verification platform. Further, Applicant opines that the seed hash is not associated with the data specification. Remarks, pg. 11. As previously identified, the IBR protocol is a data specification provided to all data sharing institutions and dictates the data sharing process specifics. See, e.g., Kho at 1073, “Setting”. Each participating institution uses a common hashing seed for hashing the data to be shared in compliance with the IBR protocol <i.e., the seeded hashing is part of the data specification>. See, e.g., Kho at 1073, “Design of DCIFIRHD Data Infrastructure”. Applicant’s remarks further discuss using a seed hash specific to each source, wherein a hashed data entry may be identified as a leaked data entry, and further tracing the source of the leak based on the seed hash (Remarks, pgs. 10-11), however, these aforementioned features are not present in nor necessitated by the claims as written.
In view of the foregoing, and hereinbelow with regards to 35 U.S.C. 103, Applicant’s arguments regarding claims 1-5 as written have been fully considered but are not persuasive to differentiate over the prior art.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kho et al. (NPL: “Design and implementation of a privacy preserving electronic health record linkage tool in Chicago”, June 2015, Hereinafter “Kho”) in view of Purves (US20170024733, Hereinafter “Purves”).
Regarding claim 1, Kho teaches a method for a verification source (abstract and pg. 1073, “Matching Algorithm” – system receives user information and determines if the user information matches other system’s user information <i.e., verifies if a match exists>) comprising: 
generating a seed hash from a pre-determined data specification (pg. 1073, “Setting” – IRB protocol created and distributed to each participating institution to follow for producing data to be shared <i.e., pre-determined data specification created>; pg. 1073, “Design of DCIFIRHD Data Infrastructure” – each institution following the IRB protocol provided a common hashing seed to use for hashing the data to be shared <i.e., the seeded hashing is part of the data specification>), the pre-determined data specification including one or more of a data licensing agreement between the verification source and a verification platform (pg. 1073, “Setting” – IRB protocol created and distributed to each participating institution to follow for producing data to be shared <i.e., pre-determined data specification created>. The IRB protocol for data sharing was agreed upon in writing for each institution participating in the data comparisons <i.e., data licensing agreements produced>. Each data provider (including the comparison institution/verification platform) must agree in writing; see also pg. 1073, “Design of DCIFIRHD Data Infrastructure” – a host/participant site agreed upon by the parties performs the verifications/also provides data>); 
aggregating verification data based on one or more data fields indicated by the data specification to produce aggregated verification data (pg. 1073, “Design of DCIFIRHD Data Infrastructure” – data is collected <i.e., aggregated> at each site to be processed, the data comprising pre-determined patient identification information such as name, date of birth, social security number, etc. <i.e., data fields>; pg. 1073, “Setting” – participating institutions follow the distributed IRB protocol for determining and producing the desired data to be shared <i.e., pre-determined data specification followed>); 
hashing the aggregated verification data using the seed hash to produce hashed verification data (pg. 1073, “Design of DCIFIRHD Data Infrastructure” – file is generated comprising hashes of pre-determined patient identification information such as name, date of birth, social security number, etc., wherein each hash is produced using the hash seed; see additionally pg. 1073, “Matching Algorithm” – combinations of comparison data may be generated, e.g., a seeded hash of a combination of Date of Birth + Social Security Number may be produced); 
receiving hashed customer data from the verification platform (pg. 1073, “Design of DCIFIRHD Data Infrastructure” – files comprising the seeded hashes are delivered to a host/participant site agreed upon by the participants from the participant site, for the purpose of comparing the participant’s data to find matching records); 
receiving a comparison request from the verification platform (pg. 1073, “Design of DCIFIRHD Data Infrastructure” – files comprising the seeded hashes are delivered to a host site agreed upon from the participant sites, for the purpose of comparing the participant site’s user data to find matching user data <i.e., platforms sending their data is a comparison request>); 
comparing the hashed customer data with the hashed verification data (pg. 1073, “Design of DCIFIRHD Data Infrastructure” – the received seeded hash information at the host participant is compared with other participant’s seeded hash information at the host participant site, and a match is determined based on the comparison).
While Kho teaches a system for receiving seeded hashed data based on a data specification and determining whether compared data produces a match, Kho appears to fail to specifically disclose returning a result to the verification platform indicating if the hashed customer data matches the verification data.  
However, Purves teaches a similar system for receiving hashed personal identifying information of a user (abstract, [0092]), wherein the system is a verification system (see [0092] and [0125] – a user’s identity is verified based on matching the received hashes), returning a result to the verification platform indicating if the hashed customer data matches the verification data ([0081-082] – merchant may send a request to the system requesting whether the user is authentic, when a match is determined between user data and comparison data, a result is generated indicating a match, and an authorization response message may be provided to the requesting module; [0092] – the user data received from the merchant is hashed, and compared against hashed enrollment data of the user; see also [0006] and [0094-096] – receiving a comparison request and returning a match when a user match is found).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Kho with the teachings of Purves, as a verification system comprising returning a result to the verification platform indicating if the hashed customer data matches the verification data, so that requesting system may know the result of the comparison and protect user data from security breaches (see, e.g., Purves at [0082] and [0125]).

Regarding claim 2, the combination Kho and Purves teaches the method of claim 1. wherein the hashed customer data comprises a plurality of hashed credentials (Purves at [0147] – hashed user data <i.e., user credentials> are provided to the wallet server), wherein comparing the hashed customer data with the hashed verification data comprises comparing each of the plurality of hashed credentials against the hashed verification data (Purves at [0092] and [0125] – each of the hashed user data is compared with hashed enrollment user data to verify the user’s identity).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Kho and Purves with the teachings of Purves, wherein the hashed customer data comprises a plurality of hashed credentials, wherein comparing the hashed customer data with the hashed verification data comprises comparing each of the plurality of hashed credentials against the hashed verification data, so that user data can be confirmed while protecting the user data from security breaches (see, e.g., Purves at [0082] and [0125]).

Regarding claim 3, the combination Kho and Purves teaches the method of claim 1, wherein the hashed customer data is produced by the verification platform using the seed hash (Kho at pg. 1073, “Design of DCIFIRHD Data Infrastructure” – files comprising the seeded hashes are created at participating sites <i.e., verification platforms> and delivered to a host site agreed upon by the participants, for the purpose of comparing the participant’s data to find matching records; pg. 1073, “Matching Algorithm” – user data to be compared is seed hashed and provided from against other seed hashed data).  

Regarding claim 4, the combination of Kho and Purves teaches the method of claim 1, wherein aggregating verification data based on the one or more data fields indicated by the data specification (Kho at pg. 1073, “Design of DCIFIRHD Data Infrastructure” – data is collected <i.e., aggregated> to be processed, comprising pre-determined patient identification information such as name, date of birth, social security number, etc. <i.e., data fields>; pg. 1073, “Setting” – participating institutions follow the distributed IRB protocol for determining and producing the desired data to be shared <i.e., pre-determined data specification followed>) comprises: Page 2 of 10Application No. 16/599,054Application Filing Date: October 10, 2019Docket No. SHE19301U3filtering a plurality of data entries within a verification database using the one or more data fields to obtain filtered data (Kho at pg. 1073, “Setting” and “ Design of DCIFIRHD Data Infrastructure” – user records are created based on each site’s stored data, excluding <i.e., filtering> a plurality of data entries containing sensitive information, e.g., ZIP code information could be included but HIV status was not chosen to be shared); and arranging the filtered data into a canonical format, wherein the pre-determined data specification indicates the canonical format (Kho at pg. 1073, “Setting” – IRB protocol created and distributed to each participating institution to follow for producing data to be shared <i.e., pre-determined data specification used>; pg. 1073, “Design of DCIFIRHD Data Infrastructure” – each institution provided a common hashing seed to use for hashing the data to be shared, and the hashed data is placed into comma separated files to be shared with a host site <i.e., the filtered data is put  into a canonical format according to the IRB protocol>) .  

Regarding claim 5, the combination of Kho and Purves teaches the method of claim 1, wherein the hashed verification data comprises a plurality of hashed data entries (Kho at pg. 1073, “Design of DCIFIRHD Data Infrastructure” and “Matching Algorithm” – file comprising a plurality of seeded hashed data entries is shared with the host platform to be used in for matching against other seeded hashed data”), and wherein comparing the hashed customer data with the hashed verification data (Kho at pg. 1073, “Design of DCIFIRHD Data Infrastructure” and “Matching Algorithm” – the seeded hashed data provided by the site is compared against the other institution’s data to determine if matches exist”) comprises: selecting a first hashed data entry from the plurality of hashed data entries (Purves at [0092] and [0125] – customer hashed data entries are selected and compared against enrollment hashed data entries); determining if the hashed customer data is numerically equivalent to the hashed data entry (Purves at [0092] and [0125] – customer hashed data entries are selected and compared against enrollment hashed data entries for matching values); and responding to the hashed customer data being numerically equivalent to the hashed data entry by: setting the result to a pre-determined value indicating the hashed customer data matched the hashed verification data (Purves at [0081-082] – merchant sends a request to the system requesting whether the user is authentic, when a match is determined between user data and comparison data, a result is generated indicating a match, and an authorization response message may be provided to the requesting module; [0092] – match determined based on comparison of hashed data values; see also [0006] and [0094-096] – receiving a comparison request and returning a match when a user match is found).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Rho and Purves with the teachings of Purves, comprising selecting a first hashed data entry from the plurality of hashed data entries; determining if the hashed customer data is numerically equivalent to the hashed data entry; and responding to the hashed customer data being numerically equivalent to the hashed data entry by: setting the result to a pre-determined value indicating the hashed customer data matched the hashed verification data, so that match requestors may know the result of their requests while protecting user information from  security breaches (see, e.g., Purves at [0082] and [0125]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Gula et al. (US20130227714) teaches a system for using file hashes to track data leakage, wherein data seeds are used to identify file hashes of leaked content (see, e.g., abstract, [0043]). Boodaei et al (US20200134165) teaches a verification system for receiving hashed customer credentials, wherein the hashed customer credentials are used to authenticate the customer (see, e.g., [0037] and [0075-076]). Zhou et al. (US20180212931) teaches a system wherein hashed personal identification information is compared against other hashed personal identification information to match a user’s identity (see, e.g., abstract, [0006-007]). Winner et al. (US20190236642) teaches a technique for providing offers to a customer which comprises matching a customer transaction actions based on comparing hashed account numbers with stored hashed account numbers (see abstract, [0049-051], [0070]).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438