DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because the abstract should avoid phrases which can be implied such as “[t]he present invention provides” and the abstract exceeds 150 words.  Correction is required.  See MPEP § 608.01(b).

Claim Objections
Claim 9 objected to because of the following informalities:  claim 9 is dependent upon claim 9. For examination purposes, the examiner will treat claim 9 as dependent upon claim 8.  Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f), is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f), is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f), is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f), except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f), except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “front-end module”, “back-end module”,  “sensitive data management module”,  “data trust” in claims 1, 7-8, 10-12, and 18-19.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f), it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 1-20 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
For claims 1-20, claim limitations “front-end module”, “back-end module”,  “sensitive data management module”,  “data trust” invokes 35 U.S.C. 112(f). However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The disclosure is devoid of any structure that performs the function in the claims and/or no association between the structure and the function can be found in the specification. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b).
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
in claims 1, 7-8, 10-12, and 18-19
	Claims 2-6, 9, 13-17, and 20 are rejected under 112(b) because said claims depend on claims 1 and/or 12.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-6, 11-13, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al US 20200202038 (hereinafter Zhang) in view of Dewitt et al US 20170222804 (hereinafter Dewitt).

As to claim 1, Zhang teaches a sensitive data platform (Figure 1 and abstract), comprising: 
a repository for storing sensitive data (Figure 1, reference number 107 discloses a database/datastore; Figure 6, reference number 607 discloses databases/data stores; paragraph 69 discloses the private data is stored in a data store repository; paragraph 174 also discloses private data is stored in the databases);
 a front-end module (Figure 1, reference number 101 “Private Data Provider” ; paragraph 60 discloses the private data providers may use processing circuitry connected to a network and remote computing devices), associated with said repository (Figure 1, reference number 107), for receiving sensitive data, associating said sensitive data with a first user, and storing said sensitive data in said repository (paragraph 69 discloses the private data is received/registered by the private data provider and is stored in the data store repository; paragraph 60 discloses the private data providers can receives private information from individuals and/or organization, owners, or operator), said front end module (Figure 1, reference number 101 “Private Data Provider”) being operative for:
 1) receiving a first set of said sensitive data from said first user (paragraph 83 discloses an individual may submit private data that is received by the sharing private data system; paragraph 60 discloses the private data providers can receives private data from individuals); 
2) receiving a second set of said sensitive data from a third-party data source (paragraph 83 discloses private data received can be financial records or genomic data; paragraph 60 discloses the private data providers includes data from third parties sources such as research organizations, and/or commercial organization); 
a back-end module (paragraph 49 discloses a distributed ledger can be used to indicate that the application is available for receiving/outputting private data; also the ledger and application provider discussed in paragraph 78 can be a back-end module that output the secured data), associated with said repository (Figure 1, reference number 107) for outputting a selected set of output sensitive data to one or more recipients (paragraphs 28-29 and 49 disclose selected private data is output in an application as indicated by/via the distributed ledger from the private data provider(s) and received by the private data user); 
and a sensitive data management module (Figure 1; reference number 105; paragraph 63 disclose an API service module which can be any computing device such as one or more servers), operatively associated with said front end module (Figure 1, reference number 101 Private Data Provider), said repository (Figure 1, reference number 107 Database) and said back-end module (paragraph 49 discloses a distributed ledger), for controlling said outputting based on settings (paragraph 63 a discloses API service module control access to private data; paragraph 28 and 77 disclose output of sensitive data is controlled using the API service based on sharing conditions/settings which include smart contract that specify conditions under which private data is to be shared with an application), said settings being configurable by said first user, wherein said settings collectively control said selected set of said output sensitive data in relation to said one or more recipients (paragraphs 28 and 170 further disclose setting/sharing conditions that are put in place by private data providers. Private data provider may register to selectively share private data under controlled sharing conditions for the respective private data user/recipient).
Zhang does not teach and 3) receiving a third set of sensitive data via data feeds for continually providing said sensitive data of said first user.
Dewitt teaches and  a front end module (paragraph 70 discloses a front end server that receives information provided by a member) being operative for: 3) receiving a third set of sensitive data via data feeds for continually providing said sensitive data of said first user (paragraphs 55 -56 disclose sensitive data is received on a continuous basis  by the data module); and a back-end module, associated with said repository , for outputting a selected set of output sensitive data (paragraph 71 discloses a back end server, associated with database, that stores, retrieves, and accesses sensitive information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform with Dewitt’s front end module and back end module to provide secure handling and storage of user sensitive information without delay (paragraphs 2 and 55 of Dewitt).

As to claim 2, the combination of Zhang in view of Dewitt teach wherein said repository is configured to store said sensitive data in an encrypted form such that accessing said sensitive data requires security information of said first user for decryption (Zhang: paragraph 71 discloses the private data is encrypted prior to storage in the data store repository and the private and public key is received from the user/data provider; and paragraphs 71 and 78 discloses an application provider which retrieves the secure private data that has been  transmitted to a secure execution environment, along with the public key, for decryption). 

As to claim 4, the combination of Zhang in view of Dewitt teach wherein said first set of sensitive data is provided in the form of one of survey information and profile information submitted by said first user (Zhang: paragraph 83 disclose sensitive data may be provided/ used in an application to identify risk of experiencing a medical condition, which can be a survey; Dewitt: paragraph 45 and claim 13 disclose the sensitive data provided includes login credential, financial information, and personal identifying information which can be profile information or part of survey information).

As to claim 5, the combination of Zhang in view of Dewitt teach wherein said second set of sensitive data is received at least in part from a third-party data aggregator (Zhang: paragraph 36 discloses aggregating data from distributed private data sources, these sources are third party data sources such as social media; Dewitt: paragraph 56 discloses sensitive information may include credentials for logging into a bank account or aggregation server, see also paragraph 74).

As to claim 6, the combination of Zhang in view of Dewitt teach wherein said third set of sensitive data is received from one of a fitness wearable, an IoT device, a GPS device and a health and wellness sensor device (Dewitt: paragraph 33 discloses the sensitive data is received from a fitness wearable such as a fitness band or smart watch).

As to claim 11, the combination of Zhang in view of Dewitt teach further comprising a data trust (Zhang: paragraph 47 discloses a trusted execution environment, TEE, which is a secure execution environment, see paragraphs 71 and 79), interposed between said repository and said backend module, for accessing said sensitive information from said repository and providing said sensitive information to said backend module free from storage of unencrypted sensitive information of said first user (Zhang: Paragraph 71 discloses the private data is encrypted prior to storage; therefore, the unencrypted data from the user is not stored. Paragraph 50 discloses the private data is transmitted to the TEE to be decrypted and processed; paragraphs 71 and 77-78 disclose the secured data from the repository and the public key is provided to the TEE to decrypt and manipulate the unsecured data and provide the data an executed application that is called/used by the backend module which is the application provider and the distributed ledger).

As to claim 12, Zhang teaches a method (Figures 11 A and 11B) for controlling user of sensitive data in a network environment (abstract and Figures 11A and 11B reveal method of control of sharing private user data in a secure network environment), comprising: 
storing sensitive data in a data repository(Figure 1, reference number 107 reveals a database/data store; Figure 6, reference number 607 reveals a database/datastore; paragraph 69 discloses the private data is stored in a data store repository; paragraph 174 also discloses private data is stored in the databases); 
receiving, at a front-end module(Figure 1, reference number 101 “Private Data Provider”), sensitive data, associating said sensitive data with a first user, and storing said sensitive data in said repository(paragraph 69 discloses the private data is received/registered by the private data provider and is stored in the data store repository; paragraph 60 discloses the private data providers may be individuals and/or organization, owners, or operator), by: 
1) receiving a first set of said sensitive data from said first user(paragraph 83 discloses an individual may submit private data that is received by the sharing private data system);
 2) receiving a second set of said sensitive data from a third-party data source(paragraph 83 discloses private data received can be financial records or genomic data; paragraph 60 discloses the private data providers includes data from third parties sources such as research organizations, commercial organization, and hospitals);
outputting, via a back-end module (paragraph 49 discloses a distributed ledger that is used to indicate that the application is available for receiving/outputting private data; also the private ledger and the application provider discussed in paragraph 78 can be a back-end module that output the secured data) associated with said repository(Figure 1, reference number 107), a selected set of output sensitive data to one or more recipients(paragraphs 28-29 and 49 disclose selected private data is output in an application as indicated by/via the distributed ledger from the private data provider(s) and received by the private data user); and
 controlling, via a sensitive data management module(Figure 1; reference number 105; paragraph 63 disclose an API service module which can be any computing device such as one or more servers), operatively associated with said front end module(Figure 1, reference number 101 Private Data Provider), said repository(Figure 1, reference number 107 database), and said back-end module ( paragraph 49 discloses a distributed ledger; paragraph 78 discloses a distributed ledger and an application provider) said outputting based on settings(paragraph 63 a discloses API service module control access to private data; paragraph 28 and 77 disclose output of sensitive data is controlled using the API service based on sharing conditions/settings which include smart contract that specify conditions under which private data is to be shared with an application), said settings being configurable by said first user, wherein said setting collectively control said selected set of said output sensitive data in relation to said one or more recipients(paragraphs 28 and 170 disclose setting/sharing conditions that are put in place by private data providers. Private data provider may register to selectively share private data under controlled sharing conditions for the respective private data user/recipient).
Zhang does not teach and 3) receiving a third set of sensitive data via data feeds for continually providing said sensitive data of said first user.
Dewitt teaches and a front end module (paragraph 70 discloses a front end server that receives information provided by a member) being operative for: 3) receiving a third set of sensitive data via data feeds for continually providing said sensitive data of said first user (paragraphs 55 -56 disclose sensitive data is received on a continuous basis  by the data module) and outputting, via a back-end module associated with said repository, a selected set of output sensitive data (paragraph 71 discloses a back end server, associated with database, that stores, retrieves, and accesses sensitive information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform with Dewitt’s front end module and back end module to provide the secure handling and storage of user sensitive information without delay (paragraphs 2 and 55 of Dewitt).

As to claim 13, the combination of Zhang in view of Dewitt teach wherein said repository is configured to store said sensitive data in an encrypted form such that accessing said sensitive data requires security information of said first user for decryption (Zhang: paragraph 71 discloses the private data is encrypted prior to storage in the data store repository and the private and public key is received from the user/data provider; and paragraphs 71 and 78 discloses application provider which retrieves the secure private data that has been  transmitted to the secure execution environment, along with the public key, for decryption). 

As to claim 15, the combination of Zhang in view of Dewitt teach wherein said first set of sensitive data is provided in the form of one of survey information and profile information submitted by said first user (Zhang: paragraph 83 discloses sensitive data is provided/ used in an application to identify risk of experiencing a medical condition, which can be a survey; Dewitt: paragraph 45 and claim 13 disclose the sensitive data provided includes login credential, financial information, and personal identifying information which can be profile information or part of survey information).

As to claim 16, the combination of Zhang in view of Dewitt teach wherein said second set of sensitive data is received at least in part from a third-party data aggregator (Zhang: paragraph 36 discloses aggregating data from distributed private data sources, these sources are third party data sources such as social media; Dewitt: paragraph 56 discloses sensitive information may include credentials for logging into a bank account or aggregation server, see also paragraph 74).

As to claim 17, the combination of Zhang in view of Dewitt teach wherein said third set of sensitive data is received from one of a fitness wearable, an IoT device, a GPS device and a health and wellness sensor device (Dewitt: paragraph 33 discloses the sensitive data is received from a fitness wearable such as a fitness band or smart watch).

Claims 3 and 14  are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al US 20200202038 (hereinafter Zhang) in view of Dewitt et al US 20170222804 (hereinafter Dewitt) in further view of Lam US 20150381370 (hereinafter Lam).

As to claim 3, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 1 above. The combination of Zhang in view of Dewitt do not teach wherein said repository resides on a cloud-based platform.
Lam teaches wherein said repository resides on a cloud-based platform (paragraph 17 discloses the storage management system rely on cloud-based storage) .
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Lam’s cloud-based platform such that the data managed by the storage management system resides in a network accessible system (paragraph 17 of Lam).

As to claim 14, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 12 above. The combination of Zhang in view of Dewitt do not teach wherein said repository resides on a cloud-based platform.
Lam teaches wherein said repository resides on a cloud-based platform (paragraph 17 discloses the storage management system rely on cloud-based storage).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Lam’s cloud-based platform such that the data managed by the storage management system resides in a network accessible system (paragraph 17 of Lam).

Claims 7-9 and 18-20  are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al US 20200202038 (hereinafter Zhang) in view of Dewitt et al US 20170222804 (hereinafter Dewitt) in further view of Sherman et al AU 2002240703 (hereinafter Sherman).

As to claim 7, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 1 above and further teach wherein said backend module is operatively associated with an application (Zhang: paragraph 77 discloses the backend module which is the distributed ledger and/or application provider interacts with API service to register an application for processing the private data; Dewitt: paragraph 71 discloses back end server).
The combination of Zhang in view of Dewitt do not teach an application  for outputting information regarding personal goals based on said sensitive information. 
Sherman teaches an application ( page 4, lines 12 and 30-32 disclose a data communication network that releases personal data to an authorized advice provider) for outputting information regarding personal goals based on said sensitive information (page 4, lines 11-14 disclose a consumer storing personal data in a secure repository connected to a data communication network; page 6, lines 5-6 disclose the secure repository includes item of data that includes consumer personal data and consumer’s personal goals. The personal data and the goals are access by the advice providers as mentioned on page 6, line 19-20).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Sherman’s teachings for outputting information regarding personal goals such that the advice provider can access and determine advice such as financial advice based upon the provided personal data to achieve a desired outcome (column 6, lines 10-11 of Sherman).

As to claim 8, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 1 above and further teach wherein said backend module is operatively associated with an application (Zhang: paragraph 77 discloses the backend module which is the distributed ledger and/or application provider interacts with API service to register an application for processing the private data; Dewitt: paragraph 71 discloses back end server).
The combination of Zhang in view of Dewitt do not teach  an application for providing data insights based on processing of said sensitive information.
Sherman teaches an application( page 4, lines 12 and 30-32 disclose a data communication network that releases personal data to an authorized advice provider) for providing data insights based on processing of said sensitive information (column 6, lines 24-26 disclose based on the processed personal data input from the consumer, the advice provider provides advice for the consumer).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Sherman’s teachings for providing data insight based to assist the consumer to make a decision and/or plan to achieve an outcome/goal (page 1, lines 31-32 of Sherman).

As to claim 9, the combination of Zhang in view of Dewitt and Sherman teach wherein said data insights are based on inputs from said first user defining one of data to be tracked and personal goals of said first user(Sherman: page 4, lines 11-14 disclose a consumer storing personal data in a secure repository connected to a data communication network; page 6, lines 5-6 disclose the secure repository includes item of data that includes consumer personal data and consumer’s personal goals input by consumer. The personal data and the goals are access by the advice providers to provide advice as mentioned on page 6, line 19-20; page 15 lines 21-24 disclose the data is monitored/track to determine if and when milestones have been achieved/steps necessary to meet the intended goal).

As to claim 18, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 12 above and further teach wherein said backend module is operatively associated with an application (Zhang: paragraph 77 discloses the backend module which is the distributed ledger and/or application provider interacts with API service to register an application for processing the private data; Dewitt: paragraph 71 discloses back end server).
The combination of Zhang in view of Dewitt do not teach an application  for outputting information regarding personal goals based on said sensitive information. 
Sherman teaches an application( page 4, lines 12 and 30-32 disclose a data communication network that releases personal data to an authorized advice provider) for outputting information regarding personal goals based on said sensitive information (page 4, lines 11-14 disclose a consumer storing personal data in a secure repository connected to a data communication network; page 6, lines 5-6 disclose the secure repository includes item of data that includes consumer personal data and consumer’s personal goals. The personal data and the goals are access by the advice providers as mentioned on page 6, line 19-20).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Sherman’s teachings for outputting information regarding personal goals such that the advice provider can access and determine advice such as financial advice based upon the provided personal data to achieve a desired outcome (column 6, lines 10-11 of Sherman).

As to claim 19, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 12 above and further teach wherein said backend module is operatively associated with an application (Zhang: paragraph 77 discloses the backend module which is the distributed ledger and/or application provider interacts with API service to register an application for processing the private data; Dewitt: paragraph 71 discloses back end server).
The combination of Zhang in view of Dewitt do not teach  an application for providing data insights based on processing of said sensitive information.
Sherman teaches an application( page 4, lines 12 and 30-32 disclose a data communication network that releases personal data to an authorized advice provider) for providing data insights based on processing of said sensitive information (column 6, lines 24-26 disclose based on the processed personal data input from the consumer, the advice provider provides advice for the consumer).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Sherman’s teachings for providing data insight based to assist the consumer to make a decision and/or plan to achieve an outcome/goal (page 1, lines 31-32 of Sherman).

As to claim 20, the combination of Zhang in view of Dewitt and Sherman teach wherein said data insights are based on inputs from said first user defining one of data to be tracked and personal goals of said first user(Sherman: page 4, lines 11-14 disclose a consumer storing personal data in a secure repository connected to a data communication network; page 6, lines 5-6 disclose the secure repository includes item of data that includes consumer personal data and consumer’s personal goals input by consumer. The personal data and the goals are access by the advice providers to provide advice as mentioned on page 6, line 19-20; page 15 lines 21-24 disclose the data is monitored/track to determine if and when milestones have been achieved/steps necessary to meet the intended goal).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al US 20200202038 (hereinafter Zhang) in view of Dewitt et al US 20170222804 (hereinafter Dewitt) in further view of Chen et al US 20070271598 (hereinafter Chen).

As to claim 10, the combination of Zhang in view of Dewitt teach all the limitations recited in claim 1 above. The combination of Zhang in view of Dewitt further teach  wherein said sensitive data management module allows for different levels of access to said sensitive data (Zhang: paragraph 28 discloses private data providers selectively share private data under controlled sharing condition).
The combination of Zhang in view of Dewitt do not teach different level of access to sensitive data depending on at least an identity of an intended recipient and an intended use of the data.
Chen teaches  different level of access to sensitive data depending on at least an identity of an intended recipient and an intended use of the data (paragraphs 3-4 disclose controlling the access of secure data based on user identity; paragraphs 19-20 disclose different level of access which includes a first level network access point and a second level network access point; paragraph 18 discloses the access level depend on the network application use- employee benefit application, human resources salary administration application, inventory information application, and  library system over IP application).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Zhang’s sensitive data platform in view of Dewitt’s front end module and back end module with Chen’s different levels of access to sensitive data to provide the proper access and control of data for a user (paragraph 2 of Chen).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Patil US 20120173884 (hereinafter Patil), Lopez et al US 20200380596 (hereinafter Lopez), and Kumhyr et al US 10686765 (hereinafter Kumhyr).

Patil teaches a sensitive data platform (abstract and claim 20); comprising a repository for storing sensitive data (paragraph 10); a front end module (claim 2, a computer); a back end module (claim 2, a computer); and a sensitive data management module for controlling said outputting based on settings, the settings being configurable by said first user, wherein said setting collectively control said selected said output sensitive data in relation to one or more recipients (claim 3) as recited in claims 1 and 12.

Lopez teaches an application for outputting information regarding personal goals based on sensitive information (paragraph 24 discloses confidential information relating to budgets or goals) as recited in claims 7 and 18.
Lopez further teaches an application for providing data insights based on processing of said sensitive information (paragraph 24 disclose budget and goal status relating to confidential information) as recited in claims 8 and 19.

Kumhyr teaches different levels of access to sensitive data depending at least on an identity of an intended recipient and intended use of the data (column 1, lines 5-10 and column 4, lines 36-40; column 6, lines 18-20) as recited in claims 10.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/Examiner, Art Unit 2437                                                                                                                                                                                                        

/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437