DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is response to the amendments filed on 04/26/2022.
Claims 1-20 are currently pending in this application. Claims 1 and 11 have been amended.
No new IDS has been filed.

Examiner’s Note
Applicants are suggested to include information from figs. 8, 9 and paras. [0050] – [0054] of the specification (e.g., the GUI state before the user has requested to view sensitive information and the steps of the user request and authorization, etc.) in the claims to improve claim limitations regarding the allowability of the application.

Response to Arguments
Regarding the 112(b) rejections, applicant has amended the claims and argued, in page 9 of the remarks, that “… this portion of the displaying … has been removed … the interface element is removed after the sensitive information is accessed … the interface is displayed on a client device of a requesting entity …”. However, the amendments do not overcome all the previously indicated rejections. See the updated 112(b) rejections section below for detail.
Regarding the double patenting rejections, the applicant, in page 8 of the remarks, has argued that “… applicants request that the rejection is held in abeyance … “, therefore, the rejections are maintained.

Thus, the applicants’ arguments are not persuasive. Please see amended rejections below for the amended claims. This action is final.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 1-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claim 1 (and claim 11 includes similar limitations) recites:
“… after receiving the request … and in response to receiving the request … and to determining that …”, however, it is not clear how to define the difference (or the boundary) between “after receiving the request …” and “in response to receiving the request”;
“… accessing, by the security engine, the sensitive information from the database; removing by the security engine, the interface element, wherein the field is no longer obscured when the interface element is removed …”, however, (1) it is not clear whether removing the interface element requires accessing the sensitive information from the database or not (e.g., as the interface element obscures the field, NOT the sensitive information); (2) the term “the database” has an antecedent basis issue;
Claims 2-10 and 12-20 depend from the claim 1 or 11, and are analyzed and rejected accordingly.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1 and 6-19 of the Patent US 10,521,605 B1 contain every element of claims 1-20 of the instant application and as such anticipates claims 1-20 of the instant application.

A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001).

Current Application No. 17/159161
Reference Patent No.: US 10,521,605 B1
Claim 1:  A method of restricting a display of data comprising:
displaying, by a security engine, an interface on a client device of a requesting entity for displaying sensitive information in a field of the interface, the interface including an interface element that obscures the field;








after displaying the interface on the client device, receiving, by the security engine, a request from a requesting entity to view the sensitive information within the field obscured by the interface element; and
after receiving the request to view the sensitive information and in response to receiving the request and to determining that the requesting entity is authorized to view the sensitive information:
accessing, by the security engine, the sensitive information from the database;
removing, by the security engine, the interface element, wherein the field is no longer obscured when the interface element is removed; and
displaying the sensitive information within the field of the interface displayed by the client device.

Claim 1:  A method of restricting a display of data comprising:
displaying, by a security engine, an interface on a client device for displaying … one or more sets of sensitive information from a database, each of the one or more sets of non-sensitive information to be displayed in a corresponding non-sensitive data field, and each of the one or more sets of sensitive information to be displayed in a corresponding sensitive data field, …;
for each of the one or more sets of sensitive information: displaying, by the security engine, a selectable graphical interface element within the interface to at least partially obscure the corresponding sensitive data field; and
in response to receiving a request to view the set of sensitive information, the request comprising a selection of the selectable graphical interface element, and in response to determining that a requesting entity is authorized to view the set of sensitive information:
accessing, by the security engine, the set of sensitive information from the database and displaying the set of sensitive information within the corresponding sensitive data field,
modifying, by the security engine, the interface by removing the selectable graphical interface element from the interface, wherein the corresponding sensitive data field is no longer obscured and …
Claim 2: The method of claim 1, further comprising:
accessing, by the security engine, non-sensitive information from the database; and displaying in the interface, by the security engine, the non-sensitive information within a corresponding non-sensitive data field of the interface.
Claim 1: A method of restricting a display of data comprising: … 
for each of the one or more sets of non-sensitive information, accessing, by the security engine, the set of non-sensitive information from the database and displaying the set of non-sensitive information within the corresponding non-sensitive data field; …
Claim 3: The method of claim 1, further comprising modifying, by the security engine, a data access log to identify the request to view the sensitive information, the modified data access log identifying the requesting entity, the sensitive information, and a time associated with the request to view the sensitive information.
Claim 1: A method of restricting a display of data comprising: … modifying, by the security engine, a data access log to identify the request to view the set of sensitive information, the modified data access log identifying the requesting entity, the set of sensitive information, and a time associated with the request to view the set of sensitive information.
Claim 4: The method of claim 3, further comprising in response to determining that the requesting entity is not authorized to view the sensitive information, initiating by the security engine, an audit of the modified data access log.
Claim 8: The method of claim 1, further comprising: … in response to determining that the requesting entity is not authorized to view the set of sensitive information, initiating, by the security engine, an audit of the modified data access log.
Claim 5: The method of claim 3, wherein the modified data access log further includes information representative of at least one of:
a user account associated with the requesting entity, a hardware device used by the requesting entity to access the sensitive information in the database, a software application used by the requesting entity to access the sensitive information in the database, and an indication of whether a request to view the sensitive information was granted.
Claim 9: The method of claim 1, wherein the modified data access log further includes information representative of at least one of: 
a user account associated with the requesting entity, a hardware device used by the requesting entity to access sensitive information in the database, a software application used by the requesting entity to access sensitive information in the database, and an indication of whether a request to view a set of sensitive information was granted.
Claim 6: The method of claim 3, wherein the modified data access log includes information identifying the interface.
Claim 10: The method of claim 1, wherein the modified data access log includes information representative of the interface associated with a request to view the set of sensitive information.
Claim 7: The method of claim 3, wherein the modified data access log further includes information identifying sensitive data fields located within the interface.
Claim 11: The method of claim 10, wherein the modified data access log further includes information representative of sensitive data fields located within the interface, ...
Claim 8: The method of claim 1, further comprising:
in response to determining that the requesting entity is not authorized to view the sensitive information, displaying a message in the interface indicating that the requesting entity is not authorized to view the sensitive information.
Claim 6: The method of claim 1, further comprising: …
in response to determining that the requesting entity is not authorized to view the set of sensitive information, displaying a message in the interface indicating that the requesting entity is not authorized to view the set of sensitive information.
Claim 9: The method of claim 8, wherein the sensitive information is not accessed from the database in response to determining that the requesting entity is not authorized to view the sensitive information.
Claim 7: The method of claim 6, wherein for each one of the one or more sets of sensitive information, the set of sensitive information is not accessed from the database in response to determining that the requesting entity is not authorized to view the set of sensitive information.
Claim 10: The method of claim 1, wherein the interface element comprises an opaque or semi-opaque box obscuring the field corresponding to the sensitive information.
Claim 12: The method of claim 1, wherein the selectable graphical interface element comprises an opaque or semi-opaque box obscuring the data field corresponding to the set of sensitive information.


Claims 13-19 of the Patent US 10,521,605 B1 contain every element of claims 11-20 of the instant application and as such anticipates claims 11-20 of the instant application – see the above table for similar matching of the non-transitory computer readable storage medium claims 11-20.

Claims 1-7, 12-17 and 20 of the Patent US 10,943,026 B2 contain every element of claims 1-13 and 20 of the instant application and as such anticipates claims 1-13 and 20 of the instant application.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Eschbach et al. (US 2015/0200922 A1).

As per claim 1, Eschbach teaches a method of restricting a display of data [see the abstract of Eschbach] comprising:
displaying, by a security engine, an interface on a client device of a requesting entity for displaying sensitive information in a field of the interface, the interface including an interface element that obscures the field [figs. 1-5; par. 0003, lines 1-7; par. 0023, lines 8-11; par. 0029, lines 1-12; par. 0035, lines 1-6 of Eschbach teaches displaying, by a security engine, an interface on a client device of a requesting entity (e.g., the user device) for displaying sensitive information in a field of the interface, the interface including an interface element that obscures the field (e.g., the graphics or AR marker shown in figs. 1-3)];
after displaying the interface on the client device, receiving, by the security engine, a request from the requesting entity to view the sensitive information within the field obscured by the interface element [par. 0027, lines 11-14; par. 0030, lines 1-7 of Eschbach teaches after displaying the interface on the client device, receiving, by the security engine, a request from the requesting entity (e.g., the user selection) to view the sensitive information within the field obscured by the interface element (e.g., the graphics or AR marker)]; and
after receiving the request to view the sensitive information and in response to receiving the request and to determining that the requesting entity is authorized to view the sensitive information [par. 0027, lines 11-14; par. 0030, lines 11-15 of Eschbach teaches after receiving the request to view the sensitive information and in response to receiving the request and to determining that the requesting entity is authorized (e.g., permission or authorization level to user access is determined) to view the sensitive information]:
accessing, by the security engine, the sensitive information from the database; after the sensitive information is accessed, removing, by the security engine, the interface element, wherein the field is no longer obscured when the interface element is removed; and displaying the sensitive information within the field of the interface displayed by the client device [fig. 5; par. 0026, lines 1-18; par. 0027, lines 11-14; par. 0030, lines 11-20; par. 0035, lines 1-12; par. 0037, lines 1-11; par. 0040, lines 10-11 of Eschbach teaches accessing, by the security engine, the sensitive information from the database (e.g., the data storage facilities, which are local or distributed cloud-based system); after the sensitive information is accessed, removing, by the security engine, the interface element, wherein the field is no longer obscured when the interface element is removed; and displaying the sensitive information (e.g., displaying based on assigned user authentication rank 1-5) within the field of the interface displayed by the client device].

As per claim 2, Eschbach teaches the method of claim 1. 
Eschbach further teaches for accessing, by the security engine, non-sensitive information from the database; and displaying in the interface, by the security engine, the non-sensitive information within a corresponding non-sensitive data field of the interface [figs. 1, 4; par. 0023, lines 8-11; par. 0031, lines 1-3 of Eschbach teaches accessing, by the security engine, non-sensitive information (e.g., types of information, such as “Name”, “DOB”, or the information that does not require any special level of security) from the database; and displaying in the interface, by the security engine, the non-sensitive information within a corresponding non-sensitive data field of the interface (e.g., the non-sensitive information displayed in figs. 1-4].

As per claim 3, Eschbach teaches the method of claim 1.
Eschbach further teaches modifying, by the security engine, a data access log to identify the request to view the sensitive information, the modified data access log identifying the requesting entity, the sensitive information, and a time associated with the request to view the sensitive information [par. 0024, lines 1-12; par. 0033, lines 1-14; par. 0036, lines 5-15 of Eschbach teaches modifying, by the security engine, a data access log to identify the request to view the sensitive information (e.g., document with the AR markers, authorization levels, etc.), the modified data access log identifying the requesting entity, the sensitive information, and a time (e.g., document with the AR markers, authorization levels when the user requests the data access, etc.) associated with the request to view the sensitive information].

As per claim 4, Eschbach teaches the method of claim 3. 
Eschbach further teaches in response to determining that the requesting entity is not authorized to view the sensitive information, initiating by the security engine, an audit of the modified data access log [par. 0026, lines 1-9; par. 0033, lines 1-14; par. 0036, lines 5-15 of Eschbach teaches in response to determining that the requesting entity is not authorized (e.g., the user having the authentication rank on the scale of 1) to view the sensitive information, initiating by the security engine, an audit (e.g., fully redacting the field) of the modified data access log].

As per claim 5, Eschbach teaches the method of claim 3. 
Eschbach further teaches wherein the modified data access log further includes information representative of at least one of: a user account associated with the requesting entity, a hardware device used by the requesting entity to access the sensitive information in the database, a software application used by the requesting entity to access the sensitive information in the database, and an indication of whether a request to view the sensitive information was granted [par. 0021, lines 1-4; par. 0033, lines 1-7; par. 0037, lines 1-11 of Eschbach teaches wherein the modified data access log further includes information representative of at least one of: a user account associated with the requesting entity (e.g., the credentials to identify the user authentication level), a hardware device used by the requesting entity to access the sensitive information in the database, a software application used by the requesting entity to access the sensitive information in the database, and an indication of whether a request to view the sensitive information was granted – see also rejections to the claim 3].

As per claim 6, Eschbach teaches the method of claim 3. 
Eschbach further teaches wherein the modified data access log includes information identifying the interface [par. 0021, lines 1-4; par. 0030, lines 1-18; par. 0033, lines 1-7; par. 0037, lines 1-11 of Eschbach teaches wherein the modified data access log includes information identifying the interface (e.g., identifying information of the sensitive information corresponding to the AR marker, user’s authorization level, etc.) – see also rejections to the claim 3].

As per claim 7, Eschbach teaches the method of claim 3. 
Eschbach further teaches wherein the modified data access log further includes information identifying sensitive data fields located within the interface [par. 0021, lines 1-4; par. 0030, lines 1-18; par. 0033, lines 1-7; par. 0037, lines 1-11 of Eschbach teaches wherein the modified data access log further includes information identifying sensitive data fields (e.g., identifying information of the sensitive information corresponding to the AR marker, user’s authorization level, etc.) located within the interface – see also rejections to the claim 3].

As per claim 8, Eschbach teaches the method of claim 1. 
Eschbach further teaches in response to determining that the requesting entity is not authorized to view the sensitive information, displaying a message in the interface indicating that the requesting entity is not authorized to view the sensitive information [par. 0026, lines 1-9; par. 0033, lines 1-14; par. 0036, lines 5-15 of Eschbach teaches in response to determining that the requesting entity is not authorized (e.g., the user having the authentication rank on the scale of 1) to view the sensitive information, displaying a message in the interface (e.g., fully redacting the field of the sensitive information) indicating that the requesting entity is not authorized to view the sensitive information].

As per claim 9, Eschbach teaches the method of claim 8. 
Eschbach further teaches wherein the sensitive information is not accessed from the database in response to determining that the requesting entity is not authorized to view the sensitive information [par. 0026, lines 1-9; par. 0033, lines 1-14; par. 0036, lines 5-15 of Eschbach teaches wherein the sensitive information is not accessed (e.g., accessing fully redacting the field of the sensitive information or not accessing the sensitive information) from the database in response to determining that the requesting entity is not authorized (e.g., the user having the authentication rank on the scale of 1) to view the sensitive information].

As per claim 10, Eschbach teaches the method of claim 1.
Eschbach further teaches wherein the interface element comprises an opaque or semi-opaque box obscuring the field corresponding to the sensitive information [fig. 1; par. 0023, lines 1-11 of Eschbach teaches wherein the interface element comprises an opaque or semi-opaque box obscuring the field corresponding to the sensitive information (see opaque box of 14B of fig.1) – see also rejections to the claim 1].

Claims 11-20 are storage medium claims correspond to the method claims 1-10, and are analyzed and rejected accordingly.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495