Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 7, 8, 10, 11 and 16 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Jain (WO 2016/064888 A1).
Regarding Claim 1
Jain discloses:
A method for federated privacy management, comprising: receiving, at a user management node, and from a client application executing on an electronic device, a device identifier; receiving, by the user management node (¶34: “The environment of Fig. 1 includes a plurality of client devices 100 (client application), at least one server 102, a gateway device 104, and a central encoding management system 110 (user management node), communicatively coupled via a network 105. In some embodiments, the client device 100 is associated with a user, a business, or other entity or organization”; ¶36: “The client device 100 may be configured to display one or more interfaces (for instance, a user interface within a web page, native application, or other interface), each including one or more data fields associated with particular data types or categories (such as a date, time, name of a user of the client device, credit card number, bank account number, username of the user, password of the user, or any other suitable data or data format)” (Device identifier).),
and from a second layer node in a multi-layer federated privacy management network, data comprising at least one of browsing data and application data from a web host or a server (¶34: The server 102 (second layer node) is coupled to the network and can interact with other modules coupled to the network using software such as a web browser (browsing data) or other application (application data) with communication functionality. Such software can include an interface for communicating with the other modules via the network.),
wherein the data is in response to an internet protocol request from the client application via a first layer node and the second layer node to the web host or the server, and the data is associated with the device identifier; receiving, at the user management node, a request for the data from the client application using the device identifier; and communicating the data to the client application (¶106: “The cloud server 1312 can request the performance of the one or more operations from the client 100 and can provide the one or more operations in conjunction with the request.”; ¶36: “The client device 100 is coupled to the network and can interact with other modules coupled to the network using software such as a web browser. The client device 100 may be configured to display one or more interfaces, each including one or more data fields associated with particular data types or categories. The data fields can be associated with an identifying tag or metadata such that the gateway device 104 can identify the data fields or data entered into the data fields.”). 
Regarding Claim 2
Jain discloses:
The method of claim 1, wherein the data from the second layer node comprises at least one of browsing data and application data from the web host or the server (¶34: The server 102 (second layer node) is coupled to the network and can interact with other modules coupled to the network using software such as a web browser (browsing data) or other application (application data) with communication functionality. Such software can include an interface for communicating with the other modules via the network. Like the client device 100, the server 102 can include an interface including one or more data fields, for instance within a native application, operating system, or database, and can be configured to store data associated with the one or more data fields. Data received or communicated by the server 102 can be associated with one or more data fields, for instance by being associated with an identifying tag or metadata associated with the data fields.).
Regarding Claim 7
Jain discloses:
The method of claim 1, wherein the data is encrypted with a private key for the client application (¶48: “In addition to providing token tables for use by the encoding module 125, the central encoding management system 110 can provide encryption keys to the encoding module 125, for instance in response to a request by the encoding module 125, in response to an encryption operation being identified by an accessed security policy, and the like.”).
Regarding Claim 8
Jain discloses:
The method of claim 1, wherein the second layer node comprises a plurality of second layer nodes (¶37: “The server 102 (second layer nodes) is coupled to the network and can interact with other modules coupled to the network using software such as a web browser or other application with communication functionality.”). 
Regarding Claim 10
A method for federated privacy management, comprising: receiving, by a user management node, data from a second layer node in a multi-layer federated privacy management network, the data associated with a session identifier, wherein the data is in response to an internet protocol request from a client application via a first layer node and the second layer node to a web host or a server; receiving, at the user management node, a request for the data from a client application using the session identifier; and communicating the data to the client application (¶106: “The cloud server 1312 can request the performance of the one or more operations from the client 100 and can provide the one or more operations in conjunction with the request.”; ¶36: “The client device 100 is coupled to the network and can interact with other modules coupled to the network using software such as a web browser. The client device 100 may be configured to display one or more interfaces, each including one or more data fields associated with particular data types or categories. The data fields can be associated with an identifying tag or metadata such that the gateway device 104 can identify the data fields or data entered into the data fields.”). 
Regarding Claim 11
The method of claim 10, wherein the data from the second layer node comprises at least one of browsing data and application data from the web host or the server (Refer to claim 2 rejection).
Regarding Claim 16
The method of claim 10, wherein the data is encrypted with a private key for the client application (Refer to claim 7 rejection).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3, 4, 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (WO 2016/064888 A1) in view of Li (US 11,108,662 B2).
Regarding Claim 3
Jain does not disclose the following limitation “wherein the first layer node receives the internet protocol request and a first IP address associated with the electronic device from the client application, translates the first IP address into a second IP address, and communicates the internet protocol request and the second IP address to the second layer node”
Li discloses:
The method of claim 1, wherein the first layer node receives the internet protocol request and a first IP address associated with the electronic device from the client application, translates the first IP address into a second IP address, and communicates the internet protocol request and the second IP address to the second layer node (Column 7, Line 12: “At 201, a request is generated at the source node (first layer node) for visiting the destination node. The IP address of the source node is extracted from the request. Based on the IP address IP A1, the first edge node is identified. Data is routed between the source node and the destination node through the first edge node.”; Claim 1: “Convert the first source IP address of the data packet to the second source IP address; forward the data packet with the second source IP address to the network circuit to be transmitted out to the network for delivery to the second autonomous system”).
Given the teaching of Li, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of generating an IP request from a first device and sending it over to a client device. One of ordinary skill in the art would have been motivated to modify Jain in view of Li, as Li recognizes that by implementing this feature the first IP address can be converted into a second IP address by the client application and be sent to a second node in order to mask the identity of the original IP address (Column 7, Line 12 and Claim 1).
Regarding Claim 4
Jain discloses:
The method of claim 3, wherein the second layer node executes a privacy service on the internet protocol request (¶34: “The client device 100 and the server 102 can communicate, exchange, and protect sensitive data via the network 105.”; ¶41 and ¶43: “The encoding module 125 is configured to encode sensitive data (such as a portion of payload data corresponding to an interface field) and to store or transmit the tokenized data.; Upon accessing a token table, the encoding module 125 queries the token table with the value of the selected portion of the sensitive data to identify a token value mapped to the value of the selection portion, and replaces the selected portion of the sensitive data with the identified token value. The encoding module 125 can then transmit the tokenized data to an external entity (such as the server 102).”).

Regarding Claim 12
Jain does not disclose the following limitation “wherein the first layer node receives the internet protocol request and a first IP address associated with the electronic device from the client application, translates the first IP address into a second IP address, and communicates the internet protocol request and the second IP address to the second layer node”
Li discloses:
The method of claim 10, wherein the data from the second layer node comprises at least one of browsing data and application data from the web host or the server (Refer to claim 3 rejection).

Regarding Claim 13
The method of claim 12, wherein the second layer node executes a privacy service on the internet protocol request (Refer to claim 4 rejection).

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (WO 2016/064888 A1) in view of Li (US 11,108,662 B2), and in further view of Edwards (US 10,715,547).
Regarding Claim 5
Jain discloses:
The method of claim 4, wherein the privacy service comprises at least one of packet inspection, an anti-malware application activity, and logging of browsing/application history (¶78: “The gateway 104 described herein can also be configured to apply the communications scanning techniques (as described herein) to detect viruses and malware in communications received by the gateway. For instance, the gateway 104 can perform deep packet inspection to identify signatures or patterns known to be associated with malware, viruses, bots, Trojans, and the like.”; ¶73: “The gateway 104 described herein can also be configured to apply the communications scanning techniques (as described herein) to detect viruses and malware in communications received by the gateway. For instance, the gateway 104 can perform deep packet inspection to identify signatures or patterns known to be associated with malware, viruses, bots, Trojans, and the like.”; ¶30 and ¶34 “The client device 100 and the server 102 can communicate, exchange, and protect sensitive data via the network 105.; The server 102 is coupled to the network and can interact with other modules coupled to the network using software such as a web browser (browsing data) or other application (application data) with communication functionality. Such software can include an interface for communicating with the other modules via the network.”).
Jain and Li do not disclose the following limitation within the claim “wherein the privacy service comprises …. device fingerprint obfuscation, web security”
Edwards discloses:
wherein the privacy service comprises …. device fingerprint obfuscation, web security (Claim 15: “The client device of claim 14, wherein the fingerprint data is harvested at a web security proxy in the network, and wherein the one or more prior requests are passed through the web security proxy.”).
Given the teaching of Edwards, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of implementing a privacy service that comprises a device fingerprint and web security. One of ordinary skill in the art would have been motivated to modify Jain and Li in view of Edwards, as Edwards recognizes that by implementing this feature a privacy service can fingerprint devices in order to identify them for future authorization uses with the security of a web browser (Claim 15).
Regarding Claim 14
The method of claim 13, wherein the privacy service comprises at least one of packet inspection, device fingerprint obfuscation, web security, an anti-malware application activity, and logging of browsing/application history (Refer to claim 5 rejection).

Claims 6, 15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (WO 2016/064888 A1) in view of Li (US 11,108,662 B2), and in further view of Kim (KR 2015/0013977 A).
Regarding Claim 6
Jain and Li do not disclose the following limitation “wherein the second layer node translates the second IP address into a third IP address and communicates the internet protocol request and the third IP address to the web host or the server”
Kim discloses:
The method of claim 3, wherein the second layer node translates the second IP address into a third IP address and communicates the internet protocol request and the third IP address to the web host or the server (Page 5, Paragraph 3: “The gateway device 10 acting as an SDN gateway server may directly receive a personal IP address request including information of the mobile device 30 from the mobile device 30. The communication unit 11 of the gateway apparatus 10 acting as an SDN gateway server transmits a personal IP address response including a third personal IP address corresponding to the second mobile devices 33 to 34, May convert the address of the packet into a public IP address when receiving a packet including the third private IP address from the second mobile device 33 to 34. At this time, the second mobile devices 33 to 34 may be devices existing in the area of the gateway device 10 operating as an SDN gateway server.”).
Given the teaching of Kim, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of generating an existing IP address into a third IP address and sending it to a server gateway. One of ordinary skill in the art would have been motivated to modify Jain and Li in view of Kim, as Kim recognizes that by implementing this feature the original IP address can be converted into a third IP address and be sent to a server gateway in order to mask the identity of the original IP address (Page 5, Paragraph 3).
Regarding Claim 15
Jain and Li do not disclose the following limitation “wherein the second layer node translates the second IP address into a third IP address and communicates the internet protocol request and the third IP address to the web host or the server”
Kim discloses:
The method of claim 12, wherein the second layer node replaces the second IP address with a third IP address and communicates the internet protocol request and the third IP address to the web host or the server (Refer to claim 6 rejection).
Regarding Claim 18
Jain discloses:
A system for federated privacy management, comprising: a multi-layer federated privacy management network comprising a first layer node and a second layer node; a user management node in communication with at least one of the first layer node and the second layer node; and a client application executed by an electronic device, wherein: the user management node receives, from the client application, a device identifier for the electronic device (¶34: “The environment of Fig. 1 includes a plurality of client devices 100 (client application), at least one server 102 (second layer node), a gateway device 104, and a central encoding management system 110 (user management node), communicatively coupled via a network 105. In some embodiments, the client device 100 is associated with a user, a business, or other entity or organization”; ¶36: “The client device 100 may be configured to display one or more interfaces (for instance, a user interface within a web page, native application, or other interface), each including one or more data fields associated with particular data types or categories (such as a date, time, name of a user of the client device, credit card number, bank account number, username of the user, password of the user, or any other suitable data or data format)” (Device identifier).);
Jain does not disclose the following limitation “the first layer node receives an internet protocol request and a first IP address associated with the electronic device from the client application, translates the first IP address into a second IP address, and communicates the internet protocol request and the second IP address to the second layer node”
Li discloses:
the first layer node receives an internet protocol request and a first IP address associated with the electronic device from the client application, translates the first IP address into a second IP address, and communicates the internet protocol request and the second IP address to the second layer node (Column 7, Line 12: “At 201, a request is generated at the source node (first layer node) for visiting the destination node. The IP address of the source node is extracted from the request. Based on the IP address IP A1, the first edge node is identified. Data is routed between the source node and the destination node through the first edge node.”; Claim 1: “Convert the first source IP address of the data packet to the second source IP address; forward the data packet with the second source IP address to the network circuit to be transmitted out to the network for delivery to the second autonomous system”).
Given the teaching of Li, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of generating an IP request from a first device and sending it over to a client device. One of ordinary skill in the art would have been motivated to modify Jain in view of Li, as Li recognizes that by implementing this feature the first IP address can be converted into a second IP address by the client application and be sent to a second node in order to mask the identity of the original IP address (Column 7, Line 12 and Claim 1); 
Jain and Li do not disclose the following limitation “the second layer node translates the second IP address into a third IP address and communicates the internet protocol request and the third IP address to a web host or a server”
Kim discloses:
the second layer node translates the second IP address into a third IP address and communicates the internet protocol request and the third IP address to a web host or a server (Page 5, Paragraph 3: “The gateway device 10 acting as an SDN gateway server may directly receive a personal IP address request including information of the mobile device 30 from the mobile device 30. The communication unit 11 of the gateway apparatus 10 acting as an SDN gateway server transmits a personal IP address response including a third personal IP address corresponding to the second mobile devices 33 to 34, May convert the address of the packet into a public IP address when receiving a packet including the third private IP address from the second mobile device 33 to 34. At this time, the second mobile devices 33 to 34 may be devices existing in the area of the gateway device 10 operating as an SDN gateway server.”).
Given the teaching of Kim, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of generating an existing IP address into a third IP address and sending it to a server gateway. One of ordinary skill in the art would have been motivated to modify Jain and Li in view of Kim, as Kim recognizes that by implementing this feature the original IP address can be converted into a third IP address and be sent to a server gateway in order to mask the identity of the original IP address (Page 5, Paragraph 3).
Jain further discloses:
the second layer node receives data comprising at least one of browsing data and application data from the web host or the server and associates it with the device identifier or a session identifier and communicates the data and the association with the device identifier or the session identifier to the user management node (¶34: The server 102 (second layer node) is coupled to the network and can interact with other modules coupled to the network using software such as a web browser (browsing data) or other application (application data) with communication functionality. Such software can include an interface for communicating with the other modules via the network. Like the client device 100, the server 102 can include an interface including one or more data fields, for instance within a native application, operating system, or database, and can be configured to store data associated with the one or more data fields. Data received or communicated by the server 102 can be associated with one or more data fields, for instance by being associated with an identifying tag or metadata associated with the data fields.); the user management node receives the data and stores the data; the user management node receives a request for the data from the client application using the device identifier or the session identifier; and the user management node communicates the data to the client application (¶106: “The cloud server 1312 can request the performance of the one or more operations from the client 100 and can provide the one or more operations in conjunction with the request.”; ¶36: “The client device 100 is coupled to the network and can interact with other modules coupled to the network using software such as a web browser. The client device 100 may be configured to display one or more interfaces, each including one or more data fields associated with particular data types or categories. The data fields can be associated with an identifying tag or metadata such that the gateway device 104 can identify the data fields or data entered into the data fields.”).
Regarding Claim 20
The system of claim 18, further comprising a plurality of second layer nodes (Refer to claim 8 rejection).

Claims 9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Jain (WO 2016/064888 A1) and in further view of Namboodiri (US 2020/0296112 A1).
Regarding Claim 9
Jain does not disclose the following limitation “further comprising: receiving, at the user management node, registration information from the client application; requesting, by the user management node, an entitlement token from the first layer node or the second layer node; receiving, from the user management node and from the first layer node or the second layer node, the entitlement token; and communicating, by the user management node, the entitlement token to the client application, wherein the client application registers with the first layer node or the second layer node with the entitlement token”. 
Namboodiri discloses: 
The method of claim 1, further comprising: receiving, at the user management node, registration information from the client application; requesting, by the user management node, an entitlement token from the first layer node or the second layer node; receiving, from the user management node and from the first layer node or the second layer node, the entitlement token; and communicating, by the user management node, the entitlement token to the client application, wherein the client application registers with the first layer node or the second layer node with the entitlement token (¶36: “In one implementation, the authorization module 126 registers node personnel. In one implementation, registering node personnel includes receiving a node personnel login. For example, in one implementation, the authorization module 126 registers a technician at the node 108 when the authorization module 126 receives, from the node 108 (e.g., via the application delivery controller 120, as described herein), a login request associated with the technician and determines to allow the login (e.g., by assigning a valid token, as described elsewhere herein). In one implementation, registering node personnel includes maintaining a node personnel account including roles for node personnel.”).
Given the teaching of Namboodiri, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of using an entitlement token to register a node using a client device. One of ordinary skill in the art would have been motivated to modify Jain in view of Namboodiri, as Namboodiri recognizes that by implementing this feature data from a client device can be accessed by a registered node (Abstract and ¶36).
Regarding Claim 17
The method of claim 10, further comprising: receiving, at the user management node, registration information from the client application; requesting, by the user management node, an entitlement token from the first layer node or the second layer node; receiving, from the user management node and from the first layer node or the second layer node, the entitlement token; and communicating, by the user management node, the entitlement token to the client application, wherein the client application registers with the first layer node or the second layer node with the entitlement token (Refer to claim 9 rejection).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Jain (WO 2016/064888 A1) in view of Li (US 11,108,662 B2), in view of Kim (KR 2015/0013977 A), and in further view of Edwards (US 10,715,547).
Regarding Claim 19
Jain discloses:
The method of claim 4, wherein the privacy service comprises at least one of packet inspection, an anti-malware application activity, and logging of browsing/application history (¶78: “The gateway 104 described herein can also be configured to apply the communications scanning techniques (as described herein) to detect viruses and malware in communications received by the gateway. For instance, the gateway 104 can perform deep packet inspection to identify signatures or patterns known to be associated with malware, viruses, bots, Trojans, and the like.”; ¶73: “The gateway 104 described herein can also be configured to apply the communications scanning techniques (as described herein) to detect viruses and malware in communications received by the gateway. For instance, the gateway 104 can perform deep packet inspection to identify signatures or patterns known to be associated with malware, viruses, bots, Trojans, and the like.”; ¶30 and ¶34 “The client device 100 and the server 102 can communicate, exchange, and protect sensitive data via the network 105.; The server 102 is coupled to the network and can interact with other modules coupled to the network using software such as a web browser (browsing data) or other application (application data) with communication functionality. Such software can include an interface for communicating with the other modules via the network.”).
Jain, Li and Kim do not disclose the following limitation within the claim “wherein the privacy service comprises …. device fingerprint obfuscation, web security”
Edwards discloses:
wherein the privacy service comprises …. device fingerprint obfuscation, web security (Claim 15: “The client device of claim 14, wherein the fingerprint data is harvested at a web security proxy in the network, and wherein the one or more prior requests are passed through the web security proxy.”).
Given the teaching of Edwards, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of implementing a privacy service that comprises a device fingerprint and web security. One of ordinary skill in the art would have been motivated to modify Jain, Li and Kim in view of Edwards, as Edwards recognizes that by implementing this feature a privacy service can fingerprint devices in order to identify them for future authorization uses with the security of a web browser (Claim 15).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH, whose telephone number is 571-272-1531. The examiner can normally be reached on Monday-Friday 9am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, LYNN FIELD, can be reached on 571-272-2092.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431