DETAILED ACTION
This action is in response to communication(s) filed n 6/27/2019
Claims 1-16 have been examined and are pending with this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/27/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 3-9, 11-13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Palan et al. (US 2015/0088612).

Regarding claim 1, Palan discloses a computer-implemented method of anonymous browser tracking, the method comprising: 
accessing a website through an instance of a web browser executing on a computing device, the website being accessed from a web server of an online service provider (see Palan; [0018]; he web browser software of the consumer who is visiting various websites is graphically represented at process block 30. At step A, the consumer acting through the browser requests to view a particular website, such as when the consumer types in a website address, clicks on a link, scans a QR code, or other such activity); and 
preventing use of a cookie associated with the web browser instance to access web browsing information related to a user of the web browser instance (see Palan; [0018-0019]; the process then moves to the website of the marketer or the publisher advertising a marketer's products or services, graphically represented at block 32. The website contains a web beacon or web pixel, which is a small section of code known in the art as a means to redirect a web browser to a server other than the server housing the main part of a particular website. At step B, the website 32 sends back to browser 30 the webpage that was requested, along with the web pixel beacon. At process step C, the browser then calls the server with the IP address associated with the pixel beacon. The pixel beacon IP address leads to the server operated by the marketing services provider (MSP), which houses a list of anonymous links, the links here being represented graphically by process block 34. The anonymous links in certain embodiments are each uniquely associated with a particular consumer, and thus the anonymous link enables the MSP to positively and uniquely identify consumer 20, but does so without the use of any PII related to that consumer).

Regarding claim 3, Palan discloses the method of Claim 1, further comprising eliminating any personally identifying information that has been placed in the cookie by replacing the cookie with a continuity token that contains no information except whether a particular previously encountered browser instance evinced the newly reported behavior (see Palan; [0019]; the anonymous links in certain embodiments are each uniquely associated with a particular consumer, and thus the anonymous link enables the MSP to positively and uniquely identify consumer 20, but does so without the use of any PII related to that consumer.  The anonymous links are used to uniquely differentiate data associated with a particular consumer, but no PII is associated with the anonymous links to preserve consumer privacy).

Regarding claim 4, Palan discloses the method of Claim 3, further comprising creating the continuity token by using a one-way hash on the cookie (see Palan; [0019]; the hash function is a one-way function, so that the original link cannot be reverse engineered from the anonymous link).

Regarding claim 5, Palan discloses the method of Claim 4, wherein the one-way hash uses the cookie itself as the seed string for the hash (see Palan; [0019]; The anonymous links are created as described above in a non-reversible manner, such as hashed forms of other links that are uniquely associated with a particular consumer, consumer address, or like information specific to a particular consumer).

Regarding claim 6, Palan discloses the method of Claim 1, wherein preventing use of the cookie to access the web browsing information includes: 
placing, by an agent of the web server, an application associated with the web browser instance on the computing device (see Palan; [0018]; the website contains a web beacon or web pixel, which is a small section of code known in the art as a means to redirect a web browser to a server other than the server housing the main part of a particular website); 
causing a web browser event related to the web browser instance (see Palan; [0018]; At step B, the website 32 sends back to browser 30 the webpage that was requested, along with the web pixel beacon); 
in response to the web browser event, associating the placed application with the instance generating an anonymous identifier for the web browser instance, and transmitting the anonymous identifier to the web browser instance via the placed application (see Palan; [0018]; At process step C, the browser then calls the server with the IP address associated with the pixel beacon. The pixel beacon IP address leads to the server operated by the marketing services provider (MSP), which houses a list of anonymous links, the links here being represented graphically by process block 34); 
reporting the web browser event to the web server, the reporting including the generated anonymous identifier in a structure that disguises the role of the generated anonymous identifier (see Palan; [0019]; the anonymous links in certain embodiments are each uniquely associated with a particular consumer, and thus the anonymous link enables the MSP to positively and uniquely identify consumer 20, but does so without the use of any PII related to that consumer); and 
using the generated anonymous identifier, in place of the cookie, to record the web browser event at the web server (see Palan; [0020]; nne or more of the cookies that are stored at browser cookies 22 of website visitor browser 30 may be associated with one of the anonymous links).

Regarding claim 7, Palan discloses the method of Claim 6, wherein the application is a universal pixel configured with a process that generates the anonymous identifier (see Palan; [0018]; the website contains a web beacon or web pixel, which is a small section of code known in the art as a means to redirect a web browser to a server other than the server housing the main part of a particular website).

Regarding claim 8, Palan discloses the method of Claim 1, wherein preventing use of the cookie to access the web browsing information includes: 
configuring at a web server, an aggregation identifier that maintains aggregated statistics related to a set of cookies or related to a set of anonymized cookie tokens, each cookie token representing an anonymous version of the set of cookies, the aggregation identifier having one or more event types associated with the set of cookie tokens, a cookie token being either a cookie or an anonymized cookie (see Palan; [0020]; One or more of the cookies that are stored at browser cookies 22 of website visitor browser 30 may be associated with one of the anonymous links. Once redirected to the MSP 10, the new link causes the MSP to access browser cookies 22 on the consumer device associated with browser 30 in order to determine if a cookie previously set by the MSP is found there. This cookie, if found, is retrieved for further processing); 
creating links between the aggregation identifier and each cookie token in the set of cookie tokens, a given cookie token being linked to the aggregation identified based on the web browser instance associated with the given cookie token having experienced an event of the one or more event types (see Palan; [0021]; The MSP cookie contains the anonymous link associated with a consumer. Setting of the MSP cookie in browser cookies 22 occurs prior to the processing described herein); 
collecting a web browser event experienced by the web browser instance on the computing device, the collected web browser event being associated to a cookie token of the set of cookie tokens (see Palan; [0021]; other types of identifiers for the consumer or the consumer device may be used in place of a cookie from browser cookies 22. These device identifiers may include, for example, those currently used by Google, Apple, and other companies for various purposes relating to the identification of a particular web user or a particular connected device); 
reporting the collected web browser event and associated cookie token to the web server (see Palan; [0021]; data related to a particular consumer may be anonymously associated with that particular consumers through cookies stored at the consumer's web browser. Because the anonymous links are never associated with PII, there is no risk of a loss of privacy by putting the anonymous link in a cookie set in browser cookies 22 at website visitor browser 30 are reported to the market service provider 34); and 
at the web server, determining the aggregation identifier linked to the reported cookie token and updating the aggregated statistics of the linked aggregation identifier according to the collected web browser event (see Palan; [0022]; Using the anonymous link that was read from the cookie in website visitor browser 30, at process step D desired information for the website visitor may be looked up in a store maintained by the MSP within secure area 12, represented graphically in FIG. 2 by MSP process data block 36. Information that may be looked up here may include market segments that are associated with groups of anonymous links. This may include, for example, data indicating that a consumer is "in market" for a particular product (vehicle, clothing, consumer electronics, etc.) It may also include a particular segment or "cluster" that is associated with the customer).

Regarding claim 9, Palan discloses the method of Claim 8, wherein at least one of: (i) the links between the aggregation identifier and each cookie token, and (ii) the links between a given cookie and each corresponding anonymized cookie token, are stored in a secure memory storage space coupled to the web server, wherein the secure memory storage space is protected by at least one of: one-way encryption, asymmetric keypairs, and blockchain keypairs (see Palan; [0013, 0019, 0021]; The MSP cookie contains the anonymous link associated with a consumer.  Data maintained in secure area 12 may be used in ways that otherwise would not be possible for online marketing transactions. Data in secure area 12 is stored in records, each of which is linked by an anonymous link.  Furthermore, the anonymous links are created as described above in a non-reversible manner, such as hashed forms of other links that are uniquely associated with a particular consumer, consumer address, or like information specific to a particular consumer. The hash function is a one-way function).

Regarding claim 11, Palan discloses the method of Claim 1, wherein preventing use of the cookie to access the web browsing information includes: 
configuring a private browser event ledger in memory communicatively coupled to a server, the private ledger storing each web browser event associated with the browser instance (see Palan; [0020]; One or more of the cookies that are stored at browser cookies 22 of website visitor browser 30 may be associated with one of the anonymous links. Once redirected to the MSP 10, the new link causes the MSP to access browser cookies 22 on the consumer device associated with browser 30 in order to determine if a cookie previously set by the MSP is found there. This cookie, if found, is retrieved for further processing); 
collecting a web browser event experienced by the web browser instance on the computing device, the collected web browser event associated to the continuity token extracted from the cookie (see Palan; [0021]; other types of identifiers for the consumer or the consumer device may be used in place of a cookie from browser cookies 22. These device identifiers may include, for example, those currently used by Google, Apple, and other companies for various purposes relating to the identification of a particular web user or a particular connected device); 
transmitting the collected web browser event to the web server (see Palan; [0021]; data related to a particular consumer may be anonymously associated with that particular consumers through cookies stored at the consumer's web browser. Because the anonymous links are never associated with PII, there is no risk of a loss of privacy by putting the anonymous link in a cookie set in browser cookies 22 at website visitor browser 30 are reported to the market service provider 34); 
at the web server, identifying the private ledger associated with the continuity token (see Palan; [0022]; Using the anonymous link that was read from the cookie in website visitor browser 30, at process step D desired information for the website visitor may be looked up in a store maintained by the MSP within secure area 12, represented graphically in FIG. 2 by MSP process data block 36. Information that may be looked up here may include market segments that are associated with groups of anonymous links. This may include, for example, data indicating that a consumer is "in market" for a particular product (vehicle, clothing, consumer electronics, etc.) It may also include a particular segment or "cluster" that is associated with the customer); and 
adding the collected web browser event to the identified private edger (see Palan; [0023]; at process step E, the desired information about a particular consumer is stored in activity database 38).

Regarding claim 12, Palan discloses the method of Claim 11, wherein the private ledger is maintained within the browser instance (see Palan; [0020]; one or more of the cookies that are stored at browser cookies 22 of website visitor browser 30 may be associated with one of the anonymous links).

Regarding claim 13, Palan discloses the method of Claim 11, further comprising protecting access to the private ledger with identification and authorization rights (see Palan; [0019]; the anonymous links are created as described above in a non-reversible manner, such as hashed forms of other links that are uniquely associated with a particular consumer, consumer address, or like information specific to a particular consumer. The hash function is a one-way function, so that the original link cannot be reverse engineered from the anonymous link).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Palan et al. (US 2015/0088612) in view of Schertzinger (US 2010/0017596).

Regarding claim 2, Palan discloses the invention substantially, however the prior art does not explicitly discloses the method of claim 1, wherein preventing use of the cookie to access the web browsing information includes: 
encrypting the cookie at the web server using an encryption key; 
storing the encrypted cookie and encryption key only at the web server; 
storing the generated cookie only at the computing device; and 
each time the cookie is delivered to the web server with an associated web browser event, (i) encrypting the delivered cookie using the encryption key and (ii) validating the encrypted delivered cookie against the stored encrypted cookie prior to recording the web browser event.
	Schertzinger in the field of the same endeavor discloses techniques for managing authentication cookie encryption keys.  In particular, Schertzinger discloses the following:
encrypting the cookie at the web server using an encryption key (see Schertzinger; [0062]; Referring to step 510 of flowchart 500 in FIG. 5 and authentication cookie encryption key management system 300 of FIG. 3, step 510 of flowchart 500 comprises the processor of web browser client 380 storing cookie 385 in a memory, cookie 385 having key ID 110 and encrypted data 140 including session ID 125 as shown in FIG. 1); 
storing the encrypted cookie and encryption key only at the web server (see Schertzinger; [0062]; Web server 360 provides cookie 385 to web browser client 380 after Glen successfully logs in. Thereafter, web browser client 380 will automatically retransfer the cookie back to web server 360, without examining its contents or modifying it in any way); 
storing the generated cookie only at the computing device (see Schertzinger; [0064]; this is related to cookie persistence, or how long the cookie will be stored on web browser client 380); and 
each time the cookie is delivered to the web server with an associated web browser event, (i) encrypting the delivered cookie using the encryption key and (ii) validating the encrypted delivered cookie against the stored encrypted cookie prior to recording the web browser event (see Schertzinger; [0069]; at step 540 of flowchart 500, the processor of web browser client 380 transmits cookie 385 over cookie link 364 to web server 360, supported by a network such as the Internet. At web server 360, key ID 110 is referenced at key server 350, validating the encryption key associated with cookie 385, including its validity period).
Therefore, it would had been obvious to a person of ordinary skill in the art at the time the invention was effectively filed to modify the prior art with the teaching of Schertzinger in order to incorporate techniques for managing authentication cookie encryption keys.  One would have been motivated because there is a need to overcome the drawbacks and deficiencies in the art by providing a way to improve the security of authentication cookie encryption keys, thus providing both convenience and security for users of cookie authenticated websites (see Schertzinger; [0010]).

Regarding claim 15, Palan-Schertzinger discloses the method of Claim 1, wherein preventing use of the cookie to access the web browsing information includes: 
configuring a secure capsule on a computing node of a web server, the secure capsule generating a public-private keypair, protecting the private key, and releasing the public key to the computing node (see Schertzinger; [0022]; Digital signature 121 is a digital signature of serialized data 120. As the name implies, digital signature 121 provides some assurance that the entity generating the cookie is really the entity it claims to be. To generate digital signature 121, serialized data 120 might be hashed, and then the resulting hash digest might be encrypted with a private key associated with a public key certificate previously signed and issued to the entity by a trusted third party); 
generating a cookie at the web server, the generated cookie being used to identify event records of a web browser (see Palan; [0020]; One or more of the cookies that are stored at browser cookies 22 of website visitor browser 30 may be associated with one of the anonymous links. Once redirected to the MSP 10, the new link causes the MSP to access browser cookies 22 on the consumer device associated with browser 30 in order to determine if a cookie previously set by the MSP is found there. This cookie, if found, is retrieved for further processing); 
invoking the secure capsule to securely encrypt the cookie using the private key (see Schertzinger; [0022]; resulting hash digest might be encrypted with a private key associated with a public key certificate); 
placing the encrypted cookie at an instance of the web browser on a computing device (see Schertzinger; [0032]; web browser client 380 also includes cookie 385, which corresponds to cookie 285 from FIG. 2); 
collecting and reporting an event of the web browser to the web server, the reporting including the encrypted cookie associated with the web browser (see Palan; [0021]; other types of identifiers for the consumer or the consumer device may be used in place of a cookie from browser cookies 22. These device identifiers may include, for example, those currently used by Google, Apple, and other companies for various purposes relating to the identification of a particular web user or a particular connected device); and 
decrypting the cookie by the computing node using the public key and updating the event record a with the collected web browser event without identifying the cookie (see Schertzinger; [0022]; Parties interested in verifying the signature can decrypt the hash digest using the public key certificate issued by the trusted third party and compare it to a calculated hash on serialized data 120).

Regarding claim 16, Palan-Schertzinger discloses the method of Claim 15, wherein the secure capsule is a Trusted Execution Environment (TEE) or a Trusted Platform Module (TPM) (see Palan; [0013]; marketing services provider (MSP) 10 provides a secure area 12 in which it maintains non-PII data for use of the various embodiments of the invention).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Anderson (US 2003/0163722) in view of Verzun et al. (US 2019/0386969).

Regarding claim 14, Palan discloses the invention substantially, however the prior art does not explicitly disclose the method of Claim 11, further comprising protecting access to the private ledger using blockchain technology.
	Verzun in the field of the same endeavor discloses techniques for decentralized cybersecure privacy network for cloud communication, computing and global ecommerce.  In particular, Verzun teaches the following:
further comprising protecting access to the private ledger using blockchain technology (see Verzun; [0006]; cryptographic and blockchain based contracts employed to digitally facilitate, verify, and/or enforce the negotiation or performance of a contract without third party involvement).
Therefore, it would have been obvious to a person of ordinary skill in the art at the time the invention was effectively filed to modify the prior art with the teaching of Verzun in order to incorporate  techniques for decentralized cybersecure privacy network for cloud communication, computing and global ecommerce. One would have been motivated because by eliminating reliance on a central authority, blockchain technology can improve the integrity and transparency of financial transactions involving secure payments, money transfers, e-commerce, and insurance (see Verzun; [0009]).

Allowable Subject Matter
Claim 10 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
For the reason above, claims 1-9 and 11-16 have been rejected and remain pending.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIMMY H TRAN whose telephone number is (571)270-5638. The examiner can normally be reached Monday - Friday 9am-5pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

JIMMY H TRAN
Primary Examiner
Art Unit 2456



/JIMMY H TRAN/Primary Examiner, Art Unit 2451