DETAILED ACTION
This non-final office action is in response to claims 1-18 filed on 06/26/2020 for examination. Claims 1-18 are being examined and are pending.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/26/2020, 01/28/2021, 07/08/2021, and 11/16/2021 have been considered by the examiner. 

Preliminary Amendment 
Preliminary amendment to the claims filed on 06/26/2020 is acknowledged by the examiner. 

Drawings 
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “011” has been used to designate both “selector device 011” (see, e.g., pg. 15) and “record 011” (see pg. 15); and because reference character “100” has been used to designate both “system 100” (see, e.g., pg. 15) and “issuer device 100” (see pg. 15).  Corrected drawing sheets and/or specification in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
Claim 7 is objected to because of the following informalities: 
Claim 7 recites “obtain updated data for one of the multiple data entries […]” in lines 2-3. Subsequently claim 7 recites “said updated data entry” in line 3. For consistency, Examiner suggests amending to, e.g., “obtain an updated entry for one of the multiple data entries […]”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 1-2, 13-14, and 17 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation "the obtained values" in lines 50-52. There is insufficient antecedent basis for this limitation in the claim. Claims 13 and 17 recite a similar deficiency, and are rejected under like rationale. Claims 2 and 14 incorporate the deficiency of their parent claim, and are rejected under like rationale.

Consideration Under 35 USC § 101
Note: the claims have been considered and analyzed by the Examiner under 35 USC § 101 with respect to statutory category and judicial exceptions, and appear to recite a form of subject matter statutorily compliant with § 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 8-9, 11-14, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Takamune et al. (JP2002278449, Hereinafter “Takamune”) in view of Yokota et al. (JP2003338816, Hereinafter “Yokota”) and Wang et al. (NPL: “Privacy-Preserving Public Auditing for Secure Cloud Storage”, December 2011, Hereinafter “Wang”).
Regarding claim 1, Takamune teaches a system for selectively disclosing attributes and data entries of a record ([0015-016] – data and attributes disclosed from a data management system to an end user), the system comprising an issuer device ([0019] – user/applicant sending record data), a selector device ([0014] – data management system), and a receiver device ([0015-016] – an end user client system receives the verified data), 
- the issuer device being for providing a record to a selector device for selective disclosure ([0012] and [0015-016] – user/applicant sends a personal data profile <i.e., record> to a data storage platform <i.e., selector device>, which verifies the data, and provides verified requested data to an end user <i.e., selectively discloses data>), the issuer device comprising: 
- a memory ([0005-007] – user system implemented via a computer terminal which provides stored information to a database) configured to store: 
- an issuer private key ([0005-007] – system implemented via a computer terminal which provides stored information to a database, the terminal having a private key paired with a corresponding public key), the issuer private key forming a public-private key pair with a corresponding issuer public key ([0005-007] – system implemented via a computer terminal which provides stored information to a database, the terminal having a private key paired with a corresponding public key); 
- the record, the record comprising one or more attributes and comprising multiple data entries ([0021-022], and [0028-029] – user system has personal data profile <i.e., record> comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- a processor ([0005-007] – user system implemented via computer terminal) configured to: 
- generate a digital signature on an attribute message using the issuer private key ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), the attribute message comprising the one or more attributes ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.) [[and the secret record identifier]]; 
- generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0021-022], and [0028-029] – digital signature generated on each of the data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), a data message for a data entry comprising the data entry ([0021-022], and [0028-029] – digital signature generated on each of the plurality of data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.) [[and the secret record identifier]]; 
- provide the record[[, the secret record identifier]], the digital signature on the attribute message, and the digital signatures on the data messages to the selector device ([0021-023], and [0028-029] – user personal data profile to be disclosed <i.e., the record>, aggregate signature, and individual signatures sent to the data management system); 
- the selector device being for selectively disclosing attributes and data entries of the record to a receiver device ([0015-016] – an end user client system <i.e., receiver> receives the determined verified data, e.g.,  from the data management system; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the selector device comprising: 
- a memory ([0005-007] – data management system implemented via a computer system) configured to store: 
- the record[[, the secret record identifier]], the digital signature on the attribute message and the digital signatures on the data messages ([0023-025] – data, aggregate signature of the user personal data profile <i.e., record>, and individual signatures of data entries sent to and stored on the data management system); 
- a processor ([0005-007] – data management system implemented via a computer system) configured to: 
- determine one or more attributes to be disclosed as a subset of the one or more attributes ([0015-016] – an end user client system <i.e., receiver> requests and receives determined verified data/attributes from the data management system; [0028] – attributes may be, e.g., age, name, city, etc.), and one or more data entries to be disclosed as a subset of the multiple data entries ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- provide the one or more attributes to be disclosed and the one or more data entries to be disclosed to the receiver device ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.);
- the receiver device being for selectively obtaining the attributes and data entries of the record from the selector device ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific personal data profile <i.e., record>; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the receiver device comprising: 
- a memory configured to store the issuer public key ([0005-007] – client system/user system implemented via a computer system having a public key <i.e., has memory configured to store the public key>); 
- a processor ([0005-007] – data management system implemented via a computer system) configured to: 
- obtain from the selector device the one or more attributes and the one or more data entries ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.).
	While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages. 
In addition, Takamune appears to fail to teach the system configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
	However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to determine a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).
While the combination of Takamune and Yokota teaches a system for ensuring integrity of personal data provided to a database and to an end device by confirming the first signature, multiple data entry signatures (see, e.g., Takamune at [0028-029] and [0035-036]), and the userID (Yokota at [0042], [0055-058]), the combination of Takamune and Yokota appears to fail to specifically disclose the selector confirming the provenance of the file to the receiver device using zero-knowledge proofs. Particularly, the combination of Takamune and Yokota appears to fail to specifically disclose: 
the selector device configured to: perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; the receiver device to: perform the zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to the record of the issuer device.
However, Wang teaches a known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Takamune and Yokota as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Takamune at [0028-029] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a server <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a server <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proofs of knowledge which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file, which is provided to a server <i.e., selector>. The signature is generated using a private key of the user <i.e., has corresponding public key of the user>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proofs of knowledge to the auditing device <i.e., receiver> as being from the user device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Takamune and Yokota would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Takamune and Yokota would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, wherein the selector device is configured to: perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; the receiver device being for selectively obtaining the attributes and data entries of the record from the selector device, the receiver device comprising: a processor configured to: perform the zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to the record of the issuer device, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 8, Takamune teaches a selector device for selectively disclosing attributes and data entries of a record to a receiver device ([0015-016] – an end user client system <i.e., receiver> receives the determined verified data, e.g.,  from the data management system; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the selector device comprising: 
- a memory ([0005-007] – data management system implemented via a computer system) configured to store: 
- the record, comprising one or more attributes and comprising multiple data entries ([0021-022], and [0028-029] – user system has personal data profile <i.e., record> comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); a digital signature on an attribute message generated using an issuer private key ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), the attribute message comprising the one or more attributes [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); and digital signatures on the data messages generated using the issuer private key ([0021-022], and [0028-029] – digital signature generated on each of the data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), a data message for a data entry comprising the data entry [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on each of the plurality of data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- a processor ([0005-007] – data management system implemented via a computer system) configured to: 
- obtain the record[[, the secret record identifier]], the digital signature on the attribute message and the digital signatures on the data messages ([0023-025] – data, aggregate signature of the user personal data profile <i.e., record>, and individual signatures of data entries sent to and stored on the data management system); 
- determine one or more attributes to be disclosed as a subset of the one or more attributes ([0015-016] – an end user client system <i.e., receiver> requests and receives determined verified data/attributes from the data management system; [0028] – attributes may be, e.g., age, name, city, etc.), and one or more data entries to be disclosed as a subset of the multiple data entries ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- provide the one or more attributes to be disclosed and the one or more data entries to be disclosed to the receiver device ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.).
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to store a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages. 
In addition, Takamune appears to fail to teach the system configured to perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
	However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to store a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).
While the combination of Takamune and Yokota teaches a system for ensuring integrity of personal data provided to a database and to an end device by confirming the first signature, multiple data entry signatures (see, e.g., Takamune at [0028-029] and [0035-036]), and the userID (Yokota at [0042], [0055-058]), the combination of Takamune and Yokota appears to fail to specifically disclose the selector confirming the provenance of the file to the receiver device using zero-knowledge proofs. Particularly, the combination of Takamune and Yokota appears to fail to specifically disclose: 
the selector device configured to: perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; the receiver device to: perform the zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to the record of the issuer device.
However, Wang teaches a known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Takamune and Yokota as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Takamune at [0028-029] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a server <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a server <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proofs of knowledge which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file, which is provided to a server <i.e., selector>. The signature is generated using a private key of the user <i.e., has corresponding public key of the user>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proofs of knowledge to the auditing device <i.e., receiver> as being from the user device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Takamune and Yokota would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Takamune and Yokota would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, wherein the selector device is configured to: perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 9, the combination of Takamune, Yokota, and Wang teach the selector device according to claim 8, wherein the memory is configured to store multiple records (Takamune at [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”), the processor being configured to: 
- obtain a record query (Takamune at [0034-037] – request is received and appropriate user personal profile <i.e., record> is selected to provide to the requestor; [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”); 
- select one or more of the multiple records according to the record query (Takamune at [0034-037] – request is received and appropriate user personal profile <i.e., record> is selected to provide to the requestor; [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”); and 
- repeat the determining, the providing, and the performing of the zero-knowledge proof for each current record of the one or more selected records (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune, Yokota, and Wang with the teachings of Wang, to repeat the determining, the providing, and the performing of the zero-knowledge proof for each current record of the one or more selected records, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 10, the combination of Takamune, Yokota, and Wang teach the selector device according to claim 9, wherein the processor is configured to perform the zero-knowledge proof for a current record to further prove that the current record satisfies the record query (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune, Yokota, and Wang with the teachings of Wang, wherein the processor is configured to perform the zero-knowledge proof for a current record to further prove that the current record satisfies the record query, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 11, the combination of Takamune, Yokota, and Wang teach the selector device according to claim 8, wherein the processor is further configured to obtain a data entry query, the processor being configured to determine the one or more data entries to be disclosed according to the data entry query (Takamune at [0034-037] – request is received and appropriate user personal profile <i.e., record> is selected to provide to the requestor; [0021-022], and [0028-029] – storage platform has personal information records comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” and other user personal profiles <i.e., records> such as “32”, “Tanaka”, and “Hiroshima prefecture”).

Regarding claim 12, the combination of Takamune, Yokota, and Wang teach the selector device according to claim 8, wherein performing the zero-knowledge proof comprises providing a commitment to the secret record identifier to the receiver device (Yokota at [0007-008] and [0029] – user ID <i.e., secret record identifier> is provided to the selector device; with Wang at § 3.1 and 3.6 – the server then attests to the provenance of the file using zero-knowledge proofs of knowledge which confirm possession of the relevant signatures and information to an auditing device <i.e., receiver>) and proving knowledge of the digital signatures with respect to the commitment (Takamune at [0021-023], and [0028-029] – user personal data profile to be disclosed, aggregate signature, and individual signatures sent to the data management system <i.e., selector device>; with Wang at § 3.1 and 3.6 – the server then attests to the provenance of the file using zero-knowledge proofs of knowledge which confirm possession of the relevant signatures and information to an auditing device <i.e., receiver>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune, Yokota, and Wang with the teachings of Wang, wherein performing the zero-knowledge proof comprises providing a commitment to the secret record identifier to the receiver device and proving knowledge of the digital signatures with respect to the commitment, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 13, the combination of Takamune, Yokota, and Wang teach a receiver device for selectively obtaining attributes and data entries of record from a selector device ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific personal data profile <i.e., record>; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the receiver device comprising: 
- a memory configured to store an issuer public key ([0005-007] – client system/user system implemented via a computer system having a public key <i.e., has memory is configured to store the public key>); 
- a processor ([0005-007] – data management system implemented via a computer system) configured to: 
- obtain from the selector device one or more attributes and one or more data entries ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.).
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to perform a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
	However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to determine a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).
While the combination of Takamune and Yokota teach a system for ensuring integrity of personal data provided to a database and to an end device by confirming the first signature, multiple data entry signatures (see, e.g., Takamune at [0028-029] and [0035-036]), and the userID (Yokota at [0042], [0055-058]), the combination of Takamune and Yokota appear to fail to specifically disclose the selector confirming the provenance of the file to the receiver device using zero-knowledge proofs. Particularly, the combination of Takamune and Yokota appear to fail to specifically disclose the system configured to: 
perform a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches a known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Takamune and Yokota as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Takamune at [0028-029] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file, which is provided to a server <i.e., selector>. The signature is generated using a private key of the user <i.e., has corresponding public key of the user>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proofs of knowledge to the auditing device <i.e., receiver> as being from the user device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Takamune and Yokota would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Takamune and Yokota would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, wherein the receiver device is configured to perform a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 14, the combination of Takamune, Yokota, and Wang teach the receiver device according to claim 13, wherein the receiver device is configured to perform the zero-knowledge proof by obtaining a non-interactive zero-knowledge proof from the selector device and verifying the non-interactive zero-knowledge proof (Wang at e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver> using zero-knowledge proofs for each audited record). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune, Yokota, and Wang with the teachings of Wang, wherein the receiver device is configured to perform the zero-knowledge proof by obtaining a non-interactive zero-knowledge proof from the selector device and verifying the non-interactive zero-knowledge proof, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 16, Takamune teaches a selector method of selectively disclosing attributes and data entries of a record to a receiver device ([0015-016] – an end user client system <i.e., receiver> receives the determined verified data, e.g., from the data management system; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the selector method comprising: 
- storing ([0005-007] – data management system implemented via a computer system): 
- the record, comprising one or more attributes and comprising multiple data entries ([0021-022], and [0028-029] – user system has personal data profile <i.e., record> comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); a digital signature on an attribute message generated using an issuer private key ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo” , etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), the attribute message comprising the one or more attributes and the secret record identifier ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); and digital signatures on the data messages generated using the issuer private key ([0021-022], and [0028-029] – digital signature generated on each of the data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), a data message for a data entry comprising the data entry[[ and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on each of the plurality of data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- obtaining the record[[, the secret record identifier,]] the digital signature on the attribute message and the digital signatures on the data messages ([0023-025] – data, aggregate signature of the user a personal data profile <i.e., record>, and individual signatures of data entries sent to and stored on the data management system); 
- determining one or more attributes to be disclosed as a subset of the one or more attributes ([0015-016] – an end user client system <i.e., receiver> requests and receives determined verified data/attributes from the data management system; [0028] – attributes may be, e.g., age, name, city, etc.), and one or more data entries to be disclosed as a subset of the multiple data entries ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- providing the one or more attributes to be disclosed and the one or more data entries to be disclosed to the receiver device ([0015-016] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to storing a secret record identifier; generating a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; providing the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages. 
In addition, Takamune appears to fail to teach the system configured to performing a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
	However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to store a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determining a secret record identifier; generating a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).
While the combination of Takamune and Yokota teach a system for ensuring integrity of personal data provided to a database and to an end device by confirming the first signature, multiple data entry signatures (see, e.g., Takamune at [0028-029] and [0035-036]), and the userID (Yokota at [0042], [0055-058]), the combination of Takamune and Yokota appear to fail to specifically disclose the selector confirming the provenance of the file to the receiver device using zero-knowledge proofs. Particularly, the combination of Takamune and Yokota appear to fail to specifically disclose: 
the selector device configured to: performing a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key; the receiver device to: perform the zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to the record of the issuer device.
However, Wang teaches a known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Takamune and Yokota as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Takamune at [0028-029] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the selector device configured to: 
- perform a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge (§ 3.1 and 3.6 – user <i.e., issuing device> runs a KeyGen and SigGen program to protect a file provided to a server <i.e., selector>, which then attests to the provenance of the file using a zero-knowledge proof of knowledge which is confirmed by the auditing device <i.e., receiver>. The auditing device confirms the proof of knowledge.) of: 
all generated digital signatures and data related to the file’s provenance (§ 3.1 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file’s information, which is provided to a server <i.e., selector>. The server then attests to the provenance of the file using zero-knowledge proofs of knowledge which confirm possession of the signatures and information to the auditing device <i.e., receiver>);
the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file, which is provided to a server <i.e., selector>. The signature is generated using a private key of the user <i.e., has corresponding public key of the user>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proofs of knowledge to the auditing device <i.e., receiver> as being from the user device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Takamune and Yokota would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Takamune and Yokota would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, wherein the selector device is configured for: performing a zero-knowledge proof with the receiver device, wherein the selector device proves knowledge of: the secret record identifier; the digital signature on the attribute message as being a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; the digital signatures on the data messages for the data entries to be disclosed as being digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Regarding claim 17, the combination of Takamune, Yokota, and Wang teach a receiver method of selectively obtaining attributes and data entries of record from a selector device ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific personal data profile <i.e., record>; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.), the receiver method comprising: 
- storing an issuer public key ([0005-007] – client system/user system implemented via a computer system having a public key <i.e., has memory is configured to store the public key>); 
- obtaining from the selector device one or more attributes and one or more data entries ([0015-016] and [0035-036] – an end user client system <i.e., receiver> requests and receives the determined verified data/attributes from the data management system for a specific user; [0028] – specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.). 
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the performing a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.  
	However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to determine a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).
While the combination of Takamune and Yokota teach a system for ensuring integrity of personal data provided to a database and to an end device by confirming the first signature, multiple data entry signatures (see, e.g., Takamune at [0028-029] and [0035-036]), and the userID (Yokota at [0042], [0055-058]), the combination of Takamune and Yokota appear to fail to specifically disclose the selector confirming the provenance of the file to the receiver device using zero-knowledge proofs. Particularly, the combination of Takamune and Yokota appear to fail to specifically disclose the system configured to: 
performing a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key.
However, Wang teaches a known technique for proving integrity of stored personal information to an end device (abstract), comprising an issuing device, selecting device, and receiving device (see, e.g., § 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>). This technique is applicable to the combination of Takamune and Yokota as they both share similar characteristics and capabilities, namely, they are both directed to confirming the provenance and integrity of stored sensitive user information (see, e.g., Takamune at [0028-029] and Wang at abstract).
Particularly, Wang teaches an issuing device, selecting device, and receiving device (§ 3.1 – user device <i.e., issuing device> runs a KeyGen and SigGen program to protect a file to be provided to a server <i.e., selector>, which then attests to the provenance of the file to an auditing device <i.e., receiver>), the receiver device configured to: 
- perform the zero-knowledge proof with the selector device with respect to the file’s information and issuer’s public key (§ 3.4 and 3.6 – user <i.e., issuing device> generates signatures and information to protect a file, which is provided to a server <i.e., selector>. The signature is generated using a private key of the user <i.e., has corresponding public key of the user>. The server then attests to the provenance of the file and signatures <i.e., and associated public key> using zero-knowledge proofs of knowledge to the auditing device <i.e., receiver> as being from the user device <i.e., issuer>. The auditing device confirms the proof of knowledge.).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that applying the known technique of Wang (of using zero-knowledge proofs to prove the signatures and file provenance to an end device) to the combination of Takamune and Yokota would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Wang to the combination of Takamune and Yokota would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to incorporate zero-knowledge proofs into an integrity scheme to confirm a file and associated signatures are provided from a specific issuer.
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune and Yokota with the teachings of Wang, the receiver device performing a zero-knowledge proof with the selector device with respect to the obtained values and data entries and the issuer public key to ascertain that the obtained values and data entries belong to a record of an issuer device corresponding to the issuer public key, wherein the selector device proves knowledge of: a secret record identifier; a digital signature on a message comprising at least the one or more attributes to be disclosed and the secret record identifier, signed with a private key corresponding to the issuer public key; digital signatures on messages comprising the data entries to be disclosed and each comprising the secret record identifier, signed with a private key corresponding to the issuer public key, to confirm the provenance of the provided data to a recipient while preserving the user’s privacy (see, e.g., Wang at § 2.1).

Claim(s) 3-4, 6-7, 15, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Takamune in view of Yokota.
Regarding claim 3, Takamune teaches an issuer device for providing a record to a selector device for selective disclosure ([0012] and [0015-016] – user/applicant sends personal data to a data storage platform <i.e., selector device>, which verifies the data, and provides verified requested data to an end user <i.e., selectively discloses data>), the issuer device comprising: 
- a memory ([0005-007] – user system implemented via a computer terminal which provides stored information to a database) configured to store: 
- an issuer private key, the issuer private key forming a public-private key pair with a corresponding issuer public key ([0005-007] – system implemented via a computer terminal which provides stored information to a database, the terminal having a private key paired with a corresponding public key); 
- the record, the record comprising one or more attributes and comprising multiple data entries ([0021-022], and [0028-029] – user/applicant system has personal data profile <i.e., record> comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”); 
- a processor ([0005-007] – user system implemented via computer terminal) configured to: 
- generate a digital signature on an attribute message using the issuer private key ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), the attribute message comprising the one or more attributes [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0021-022], and [0028-029] – digital signature generated on each of the data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), a data message for a data entry comprising the data entry [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on each of the plurality of data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- provide the record[[, the secret record identifier]], the digital signature on the attribute message, and the digital signatures on the data messages to the selector device ([0021-023], and [0028-029] – user personal data to be disclosed <i.e., the record>, aggregate signature, and individual signatures sent to the data management system).  
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages. 	
However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to determine a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, such that the system is configured to: determine a secret record identifier; generate a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generate multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; provide the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).

Regarding claim 4, the combination of Takamune and Yokota teach the issuer device according to claim 3, wherein the digital signature on the data message is based on a sum of at least the secret record identifier and a digest of the data entry (Yokota at [0029] – user ID number is generated and attached to each data item, signatures are generated based on the data items + user ID number; Note: One of ordinary skill in the art before the effective filing date of the claimed invention would recognize a digital signature is generated based on hash of the base value to be signed <i.e., this is called the digest>, and then encrypted with the public key of the sender to generate the signature <i.e., digital signature generated using the digest>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune and Yokota with the teachings of Yokota, wherein the digital signature on the data message is based on a sum of at least the secret record identifier and a digest of the data entry, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).

Regarding claim 6, the combination of Takamune and Yokota teach the issuer device according to claim 3, wherein the digital signature on the attribute message comprises an anonymous credential signed with the issuer private key (Takamune at [0021-022], and [0028-029] – digital signature generated on the plurality of data points of a user’s private profile <i.e., anonymous credential> for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>. The signature may be generated over the entire user private profile.), the anonymous credential having the one or more attributes and the secret record identifier as attributes (Takamune at [0021-022], and [0028-029] – digital signature generated on the plurality of data points of a user’s private profile <i.e., anonymous credential> for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>. The signature may be generated over the entire user private profile; with Yokota at [0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune and Yokota with the teachings of Yokota, wherein the digital signature on the attribute message comprises an anonymous credential signed with the issuer private key, the anonymous credential having the one or more attributes and the secret record identifier as attributes, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).

Regarding claim 7, the combination of Takamune and Yokota teach the issuer device according to claim 3, wherein the issuer device is further configured to obtain updated data for one of the multiple data entries (Takamune at [0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>. New information may be transmitted in the same manner), to generate an updated digital signature on a data message for said updated data entry, and to provide the updated digital signature to the selector device (Takamune at [0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>. New information may be transmitted in the same manner).  

Regarding claim 15, the combination of Takamune, Yokota, and Wang teach an issuer method of providing a record to a selector device for selective disclosure ([0012] and [0015-016] – user/applicant sends personal data to a data storage platform <i.e., selector device>, which verifies the data, and provides verified requested data to an end user <i.e., selectively discloses data>), the issuer method comprising: 
- storing ([0005-007] – user system implemented via a computer terminal which provides stored information to a database): 
- an issuer private key, the issuer private key forming a public-private key pair with a corresponding issuer public key ([0005-007] – system implemented via a computer terminal which provides stored information to a database, the terminal having a private key paired with a corresponding public key); 
- the record, the record comprising one or more attributes and comprising multiple data entries ([0021-022], and [0028-029] – user/applicant system has personal data profile <i.e., record> comprising a plurality of attribute categories with data points. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”); 
- generating a digital signature on an attribute message using the issuer private key ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), the attribute message comprising the one or more attributes [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on the plurality of data points for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key ([0021-022], and [0028-029] – digital signature generated on each of the data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc. Signatures are generated using the private key of the user/applicant device <i.e., issuers>), a data message for a data entry comprising the data entry [[and the secret record identifier]] ([0021-022], and [0028-029] – digital signature generated on each of the plurality of data point entries for transmitting to the storage platform. Specific attributes disclosed may be age, name, city, etc., the data entries being, e.g., “25”, “Yamada”, “Tokyo”, etc.); 
- providing the record[[, the secret record identifier,]] the digital signature on the attribute message, and the digital signatures on the data messages to the selector device ([0021-023], and [0028-029] – user personal data to be disclosed <i.e., the record>, aggregate signature, and individual signatures sent to the data management system).  
While Takamune teaches a system for ensuring integrity of personal data provided to a database (see, e.g., [0005-007]), as well as generating the signatures using attributes/data entries (see, e.g., [0028-029]) it appears to fail to specifically disclose using a secret record identifier in the signature. 
Particularly, Takamune appears to fail to specifically teach the system configured to determining a secret record identifier; generating a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; providing the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device; the selector device being for selectively disclosing attributes and data entries of the record to a receiver device, the selector device comprising: a memory configured to store: the record, the secret record identifier, the digital signature on the attribute message and the digital signatures on the data messages. 	
However, Yokota teaches a similar system for protecting sensitive personal information in a database (see, e.g., Yokota at [0010-012]), and ensuring the integrity of submitted personal information by attaching a digital signature to the submitted information (see, e.g., [0019]), further configured to determine a secret record identifier and subsequently add the secret identifier to each data item before generating digital signatures over the items ([0029] – user ID number is generated and attached to each data item, signatures are subsequently generated based on the data items + user ID number), as well as to provide the secret identifier to the selector device (see, e.g., [0007-008]), and to store the secret identifier on the selector device (see, e.g., [0007-008]; Note: the user’s record identifier is never shared with the receiver device <i.e., is a secret record identifier>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Takamune with the teachings of Yokota, to determine a secret record identifier and subsequently add the secret identifier to each data item before generating integrity signatures, and providing the signatures and ID to the selector device. Particularly, comprising determining a secret record identifier; generating a digital signature on an attribute message using the issuer private key, the attribute message comprising the one or more attributes and the secret record identifier; generating multiple digital signatures on multiple data messages for the multiple data entries using the issuer private key, a data message for a data entry comprising the data entry and the secret record identifier; providing the record, the secret record identifier, the digital signature on the attribute message, and the digital signatures on the data messages to the selector device, to generate different signature values for each value of each user, and to ensure each signature of each value is common to a specific user, detecting forgery of user information (see, e.g., Takamune at [0028-029] with Yokota at [0042], [0055-058]).

Regarding claim 18, the combination of Takamune and Yokota teach a computer readable storage medium comprising transitory or non-transitory data representing instructions to cause a processor system to perform the method (Takamune at [0005-007] – user/applicant system and data management system implemented via computer systems) according to claim 15 (see herein with regards to claim 15).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Takamune in view of Yokota and Wang, further in view of Gross et al. (US20120005098, Hereinafter “Gross”).
Regarding claim 2, the combination of Takamune, Yokota, and Wang teach the system according to claim 1. While the combination of Takamune, Yokota, and Wang teach providing sensitive personal information records of a user (see, e.g., Takamune at [0028-029]), the combination of Takamune, Yokota, and Wang appear to fail to specifically teach wherein the attributes comprise one or more phenotype attributes about a person; and the data entries comprise one or more genome portions of the person.
However, Gross teaches a system for preserving privacy of user phenotype/genome information using zero knowledge proofs (see, e.g., abstract, [0092]), wherein the attributes comprise one or more phenotype attributes about a person ([0004-005] and [0025] – disclosed private user attributes may be phenotypes of a person); and the data entries comprise one or more genome portions of the person ([0025] and [0076] – disclosed private user entries may be genome portions of a person).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Takamune, Yokota, and Wang with the teachings of Gross, wherein the attributes comprise one or more phenotype attributes about a person; and the data entries comprise one or more genome portions of the person, so that individuals may securely provide samples to analyzers and learn information about their genetic makeup (see, e.g., Gross at [0005-007]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Takamune in view of Yokota, further in view of Futa et al. (US20090094464, Hereinafter “Futa”).
Regarding claim 5, the combination of Takamune and Yokota teach the issuer device according to claim 3. While the combination of Takamune and Yokota further teaches generating a signature and adding a user ID to the signature input (see, e.g., Yokota at [0028], [0041]), the combination fails to specifically disclose wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) to a multiplicative inverse of a value (x + y + H(m)), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i).
	However, Futa teaches a signature generating method for multiple inputs (see abstract, [0003]), wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) ([0048] – exponentiation of group element Ga of group g is computed) to a multiplicative inverse of a value (x + y + H(m)) ([0044-046] and claims 4-6 – multiplicative inverse of a hash of the message/entry, secret key k <i.e., secret record identifier>, and the private key used to generate the group element), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i) ([0044-046] and claims 4-6 – multiplicative inverse of a hash of the message/entry, secret key k <i.e., secret record identifier>, and the private key used to generate the group element).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Takamune and Yokota with the teachings of Futa, wherein the processor is configured to generate the digital signature on the data message by computing an exponentiation of a group element (g) to a multiplicative inverse of a value (x + y + H(m)), said value being based on at least the issuer private key (x), the secret record identifier (y), and the data entry (i), to make the signature scheme hard for malicious parties to analyze (see, e.g., Futa at [0035-038]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Spalka et al. (EP2336933) teaches a method for pseudo-anonymously storing signed medical information in a database (see, e.g., [0024] and [0118-119]). Furukawa (US20110202764) teaches using zero knowledge proofs to prevent medical information from leaking through a digital signature (see, e.g., [0034] and [0072-073]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.R.W./Examiner, Art Unit 2438
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438