Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings are objected to because the unlabeled rectangular boxes shown in the drawings should be provided with descriptive text labels.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.



Claim Objections
Claims 25 and 36-38 are objected to because of the following informalities: “any one of claim 22.”  This appears to be a typographical error and in the interest of compact prosecution will be interpreted as “the data network of claim 22.”  Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: 
a “computer unit” and a “server device” recited in Claims 22-42;
a “supporter computer device” recited in Claims 29-32
a “transmission path disconnection device” recited in Claim 33;
a “trust computer unit” recited in Claim 36;
Because this/these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 22-42 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 22, Claim 22 recites “an allocation rule…which allocates an identifier to the user and his or her de-personalized personal data” but also recites “a personalization of the de-personalized personal data in the form of an allocation of the de-personalized personal data to the associated user, based on the de-personalized data and the identifier present on the server device, not being possible.”  It is unclear how the allocation rule functions to allocate an identifier to the user and the user’s de-personalized personal data when Claim 22 also requires that a personalization of the de-personalized data in the form of an allocation of the de-personalized data is not possible.  In the interest of compact prosecution, Examiner will interpret this limitation as reciting that allocating/associating the user to the user’s de-personalized data is impossible without the allocation rule.  
Additionally, Claim 22 recites that the server device stores “personal, sensitive data,” but also that “personal data being exclusively stored on the server device in the form of de-personalized personal data with the identifier.”  Due to the language of the data being “personal, sensitive data,” it is unclear whether the data stored on the server is personalized data or de-personalized data.  In accordance with pgs. 4-5 of the present Specification, and in the interest of compact prosecution, Examiner will interpret the data stored on the server to be de-personalized data.
Appropriate correction is required.

Specifically pertaining to Claim 28, Claim 28 recites “the stored personal information at least partially reconstructs the original information unit data including the personal information.”  There is insufficient antecedent basis for this limitation in the claim, as “an original information unit data” is never previously recited and/or defined.  In the interest of compact prosecution, Examiner will interpret this limitation as reciting construction of personalized personal data.  Appropriate correction is required.

Specifically pertaining to Claim 33, Claim 33 recites “makes it impossible to infer the transmission path from the computer unit and from de- personalized personal data on the server device.”  There is insufficient antecedent basis for this limitation in the claim, as “a transmission path” is never previously recited and/or defined.  Furthermore, the metes and bounds of this limitation are unclear, as “a transmission path,” given the broadest reasonable interpretation, may be interpreted as broadly as, for example, a network used to communicate the data.  It is unclear how the transmission path disconnection device would make it impossible to determine what network was used to communicate data.  In the interest of compact prosecution, Examiner will interpret Claim 33 as masking/hiding/obfuscating the IP address of the sending device, in accordance with pg. 11 of the Specification.  Appropriate correction is required.

Examiner further notes that Claims 22-42 are generally narrative and indefinite, failing to conform with current U.S. practice.  They appear to be a literal translation into English from a foreign document and are replete with grammatical and idiomatic errors.  
For example, in addition to the language identified above for Claim 22, Claim 27 recites “wherein the computer unit associated with the user having the control logic by which information unit data is output on an output of the computer unit, and that enables the user to remove personal information and information allowing the person to be inferred,” it is unclear what “that” in “that enables” corresponds to.  That is, it is unclear which of the output, the control logic, and/or the computer unit is what actually enables the user to remove personal information.
As another example, Claim 28 recites “wherein the computer unit associated with the user having the control logic by which personal information and information allowing the person to be inferred that was removed from the information unit data, or converted into generalized personal information and information allowing the person to be inferred, is stored” – it is unclear what “allowing the person to be inferred” refers to in this section, and further the language of “that was removed from the information unit data” it is unclear what the term “that” is referring to, as there is recitation of a previous step of, for example “removing personal information.”
In the interest of compact prosecution, and as will be shown below, Examiner has interpreted the claims as broadly as reasonably possible in light of the present Claims and Specification, but clarification would be beneficial for further prosecution.

Additionally, dependent Claims 23-42 are also rejected under 35 U.S.C. 112(b) due to their dependencies from independent Claim 22, for the reasons disclosed above.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 22-42 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 

Step 1
Claims 22-42 are within the four statutory categories.  Claims 22-42 are drawn to a data network (i.e. a system) for de-personalizing patient data, which is within the four statutory categories (i.e. machine).

Prong 1 of Step 2A
Claim 22 recites: A data network, comprising:   
a server device, on which personal, sensitive data of a user is stored; and 
a computer unit associated with a user, the computer unit and the server device communicating with one another via a network so as to exchange the personal data; 
an allocation rule being present on the computer unit associated with the user, which allocates an identifier to the user and his or her de-personalized personal data, the personal data being exclusively stored on the server device in the form of de- personalized personal data with the identifier, a personalization of the de- personalized personal data in the form of an allocation of the de-personalized personal data to the associated user, based on the de-personalized personal data and the identifier present on the server device, not being possible; 
the computer unit associated with the user comprising a control logic, by which: 
a request is generated to the server device with respect to the transmission of the de-personalized personal data, the request including the identifier associated with the user, and the de-personalized personal data, which is transmitted in response to the request from the server device to the computer unit via the network and with which the identifier is associated, being received; or 
personalized personal data on the computer unit is converted into de- personalized personal data with the associated identifier, using the allocation rule, and the de-personalized personal data, with the associated identifier, is then transmitted from the computer unit via the network to the server device;  In re Application of Thomas Krech Preliminary Amendment April 16, 2020 Page 5 of 10 
the computer unit associated with the user having an interface to a vital data acquisition device; and 
the computer unit associated with the user having the control logic, by which it is possible to remove personal information and information allowing the person to be inferred from information unit data encompassed by the personal data, or to convert the personal information and information allowing the person to be inferred automatically or manually by the user.
The limitations of allocating an identifier to a user and the user’s de-personalized personal data, storing the de-personalized personal data, and requesting the de-personalized data or converting the personalized data to de-personalized data, given the broadest reasonable interpretation, cover the abstract idea of a mental process because they recite a process that could be practically performed in the human mind (i.e. observations, evaluations, judgments, and/or opinions – in this case removing a patient name from patient vital signs data is reasonably interpreted as an evaluation) or using a pen and paper, but for the recitation of generic computer components, e.g. see MPEP 2106.04(a)(2).  Any limitations not identified above as part of the abstract idea are deemed “additional elements,” and will be discussed in further detail below.
Dependent Claims 23-42 include other limitations, for example Claims 24-27 recite inferring the user identity, Claim 27 recites outputting data, Claim 28 recites storing generalized personal information, Claim 31 recites ascertaining findings or generating automated messages from the de-personalized user data, Claim 32 recites acquiring personalized or de-personalized data, Claim 34 recites authenticating the request, Claim 35 recites ascertaining a new allocation rule and new identifier, Claim 36 recites enabling a user to convert the de-personalized data into personalized data, Claim 37 recites types of data to be de-personalized, and Claim 41 recites acquiring vital data, but these either do not add anything not already covered by the abstract idea in independent Claim 22, or only serve to further narrow the abstract idea, and a claim may not preempt abstract ideas, even if the judicial exception is narrow, e.g. see MPEP 2106.04.  Hence dependent Claims 23-42 are nonetheless directed towards fundamentally the same abstract idea as independent Claim 22.

Prong 2 of Step 2A
Claims 22-42 are not integrated into a practical application because the additional elements (i.e. any limitations that are not identified as part of the abstract idea) amount to no more than limitations which:
amount to mere instructions to apply an exception – for example, the recitation of the server device, network, computer unit, and vital acquisition device, which amounts to merely invoking a computer as a tool to perform the abstract idea, e.g. see pg. 4 of the present Specification, see MPEP 2106.05(f); and/or
generally link the abstract idea to a particular technological environment or field of use – for example, the claim language of an identifier and personal data, which amounts to limiting the abstract idea to the field of user data, see MPEP 2106.05(h).
Additionally, dependent Claims 23-42 include other limitations, but these limitations also amount to no more than mere instructions to apply an exception (e.g. the types of devices recited in dependent Claims 23, 30-33, 38, 40, and 42), generally linking the abstract idea to a particular technological environment or field of use (e.g. the types of data recited in dependent Claim 37), and/or adding insignificant extra-solution activity to the abstract idea (e.g. the transmitting of data recited in dependent Claims 29, 33, and 39), and/or do not include any additional elements beyond those already recited in independent Claim 22, and hence also do not integrate the aforementioned abstract idea into a practical application.

Step 2B
Claims 22-42 do not include additional elements that are sufficient to amount to “significantly more” than the judicial exception because the additional elements (i.e. the elements other than the abstract idea), as stated above, are directed towards no more than limitations that amount to mere instructions to apply the exception, and/or generally link the abstract idea to a particular technological environment or field of use, which even when reevaluated under the considerations of Step 2B of the analysis, do not amount to “significantly more” than the abstract idea.
Additionally, dependent Claims 23-42 include other limitations, but none of these limitations are deemed significantly more than the abstract idea because the additional elements recited in the aforementioned dependent claims similarly amount to mere instructions to apply the exception (e.g. the types of devices recited in dependent Claims 23, 30-33, 38, 40, and 42), generally link the abstract idea to a particular technological environment or field of use (e.g. the types of data recited in dependent Claim 37), and/or receiving or transmitting data over a network (e.g. the transmitting of data recited in dependent Claims 29, 33, and 39), e.g. see Intellectual Ventures v. Symantec, and/or do not recite any additional elements not already recited in independent Claim 22 hence do not amount to “significantly more” than the abstract idea.
Thus, taken alone, the additional elements do not amount to significantly more than the abstract idea identified above.  Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually, and there is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation.
Therefore, whether taken individually or as an ordered combination, Claims 22-42 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim rejected under 35 U.S.C. 103 as being unpatentable over.

Regarding Claim 22, MacCarthy teaches the following:  A data network, comprising: 
a server device, on which personal, sensitive data of a user is stored (The system includes a collection computing system and an intermediate computing system (i.e. which are collectively interpreted as “a server device”), that stores de-identified healthcare data, e.g. see paragraph [0034], Fig. 1.); and 
a computer unit associated with a user, the computer unit and the server device communicating with one another via a network so as to exchange the personal data (The system includes a source computing system (i.e. a computer unit associated with a user) that communicates with the collection computing system over a network, e.g. see paragraphs [0024]-[0026] and [0037], Figs. 1-2.); 
an allocation rule being present on the computer unit associated with the user, which allocates an identifier to the user and his or her de-personalized personal data (The source computing system (i.e. the computer unit) includes a de-identification module that is programmed to (i.e. includes an allocation rule) de-identify data designated as patient identifying information (PII) by generating hashed tokens that define an anonymized patient identifier (i.e. an identifier) that correspond to the de-identified healthcare data record, e.g. see paragraphs [0032], [0035], [0043], [0049], and [0071]-[0073], Fig. 2.), the personal data being exclusively stored on the server device in the form of de- personalized personal data with the identifier (The collection computing system only (i.e. exclusively) stores de-identified data, and also stores the hashed tokens defining the anonymized patient identifier, e.g. see paragraphs [0034], [0049], and [0072], Fig. 1.), a personalization of the de-personalized personal data in the form of an allocation of the de-personalized personal data to the associated user, based on the de-personalized personal data and the identifier present on the server device, not being possible (The collection computing system (i.e. the server device) requires the hashed tokens to decrypt the de-identified data, e.g. see paragraph [0047] and [0080] – that is, the personalization of the de-personalized data on the computer unit is not possible, as this operation is performed at the server device.); 
the computer unit associated with the user comprising a control logic, by which: 
a request is generated to the server device with respect to the transmission of the de-personalized personal data, the request including the identifier associated with the user, and the de-personalized personal data, which is transmitted in response to the request from the server device to the computer unit via the network and with which the identifier is associated, being received; or 
personalized personal data on the computer unit is converted into de- personalized personal data with the associated identifier, using the allocation rule, and the de-personalized personal data, with the associated identifier, is then transmitted from the computer unit via the network to the server device (The source computing system (i.e. the computer unit) utilizes the de-identification module to convert personalized data into de-identified (i.e. de-personalized) data, e.g. see paragraphs [0032], [0035], and [0071]-[0073], Fig. 1.  Additionally, the source computing system stores anonymized patient identifiers and may transmit the stored anonymized patient identifiers to an intermediate computing system, e.g. see paragraphs [0050] and [0076], Figs. 3-4.);  In re Application of Thomas Krech Preliminary Amendment April 16, 2020 Page 5 of 10  
the computer unit associated with the user having the control logic, by which it is possible to remove personal information and information allowing the person to be inferred from information unit data encompassed by the personal data (The source computing system includes a de-identification module that is used to de-identify data (i.e. remove personal information and information allowing the person to be inferred), e.g. see paragraphs [0032], [0035], and [0071]-[0073].), or to convert the personal information and information allowing the person to be inferred automatically or manually by the user.
Examiner notes that the language of the control logic “by which it is possible to…” only requires that the computer unit be able to be programmed to perform the aforementioned functions, and does not require that the functions are actually performed.
But MacCarthy does not teach the following:
(A)	the computer unit associated with the user having an interface to a vital data acquisition device.
(A)	Unagami teaches that it was old and well known in the art of healthcare, at the effective filing date, for the system to include patient devices, for example a body composition analyzer (i.e. a vital data acquisition device), that are in communications with a user terminal (i.e. a computer unit), e.g. see paragraphs [0085], [0101], and [0159], Fig. 1.
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify MacCarthy to include the patient device as taught by Unagami in order to provide users with privacy regarding services provided to the users by the patient device, e.g. see Unagami paragraphs [0002]-[0004], and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Regarding Claim 23, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The data network of claim 22, wherein the computer unit associated with the user comprises a computer, a tablet, a cell phone, a smart phone, a smart watch, a wearable or a PDA (The source computing system (i.e. the computer unit) includes a desktop computer, a tablet computer, a PDA, and/or a mobile phone, e.g. see MacCarthy paragraph [0038].).

Regarding Claim 24, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The data network of claim 22, wherein the computer unit associated with the user having the control logic includes a recognition logic, by which it is possible to automatically recognize personal information and information allowing the person to be inferred in the information unit data and to remove it from the information unit data (The system includes business rules that identify which portions of data are considered to be PII and how to handle the identified PII, for example by removing it, e.g. see MacCarthy paragraphs [0021], [0023], and [0029]-[0031].).

Regarding Claim 25, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and Unagami further teaches the following:
The data network of any one of claim 22, wherein the computer unit associated with the user having the control logic converts personal information and information allowing the person to be inferred into generalized personal information and information allowing the person to be inferred (Pgs. 7-8 of the present Specification disclose that data may be converted into “generalized” data by removing data, for example data containing the day, month, and year, may be “generalized” by removing the day and month such that the “generalized” data includes only the year.  The system may include anonymization rules that specify how certain data is handled, wherein only some of the data may be removed while other portions are preserved, for example, data may be abstracted by omitting the month and day of a birth date but keeping the year, e.g. see Unagami paragraphs [0106]-[0108].  It would have been obvious to modify MacCarthy to incorporate the anonymization rules as taught by Unagami in order to prevent the identification of a user, e.g. see Unagami paragraph [0108].).

Regarding Claim 26, the combination of MacCarthy and Unagami teaches the limitations of Claim 24, and MacCarthy further teaches the following: The personal data network of claim 24, wherein:
the recognition logic comprises a text, image or audio recognition logic (The data identified by the system as PII may include text fields, e.g. see MacCarthy paragraph [0057].); 
the control logic, by way of a comparison of recognized words, images or audio components to predetermined words, images, audio components, or formation laws, identifies personal information and information allowing the person to be inferred (The system includes business rules that identify which portions of data are considered to be PII, for example by comparing it to fields known to be PII (i.e. predetermined words), and how to handle the identified PII, for example by removing it, e.g. see MacCarthy paragraphs [0021], [0023], and [0029]-[0031].); and  In re Application of Thomas Krech Preliminary Amendment April 16, 2020 Page 6 of 10 
the control logic removes the identified personal information from the information unit data (The system may remove the identified PII, e.g. see MacCarthy paragraphs [0021], [0023], and [0029]-[0031].) or converts it into generalized personal information and information allowing the person to be inferred.

Regarding Claim 27, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The personal data network of claim 22, wherein the computer unit associated with the user having the control logic by which information unit data is output on an output of the computer unit, and that enables the user to remove personal information and information allowing the person to be inferred, identified in the information unit data based on the output, or to convert it into generalized personal information and information allowing the person to be inferred (The system enables a healthcare professional or other user to designate portions of data as PII, e.g. see MacCarthy paragraph [0031], wherein the PII is removed, e.g. see MacCarthy paragraph [0021].).
 
Regarding Claim 28, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The personal data network of claim 22, wherein the computer unit associated with the user having the control logic by which personal information and information allowing the person to be inferred that was removed from the information unit data, or converted into generalized personal information and information allowing the person to be inferred, is stored (The source computing system (i.e. the computer unit) stores program instructions and business rules that enable the de-identification of PII, e.g. see paragraphs [0008], [0021], and [0023].), and which from the de-personalized personal data, which was received from the server device via the network and in which personal information and information allowing the person to be inferred was removed from information unit data, or converted into generalized personal information and information allowing the person to be inferred, and the stored personal information at least partially reconstructs the original information unit data including the personal information (The system enables (i.e. allows for) the decryption of the de-identified data, e.g. see MacCarthy paragraphs [0047] and [0080]-[0083].).

Regarding Claim 29, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The personal data network of claim 22, wherein the computer unit associated with the user having the control logic enables a transmission of personalized personal data or a transmission of the allocation rule to a supporter computer device (A request for health record information is sent to source computing systems (i.e. the computer unit), wherein the source computing systems transmit de-identified and encrypted data in response, e.g. see MacCarthy paragraphs [0051]-[0052], and wherein the data is subsequently decrypted, e.g. see MacCarthy paragraphs [0053]-[0054] – that is, the source computing systems enable the transmission of the decrypted data because the data cannot be decrypted without the source computing system transmitting the encrypted, de-identified data first.).

 Regarding Claim 30, the combination of MacCarthy and Unagami teaches the limitations of Claim 29, and MacCarthy further teaches the following:
The personal data network of claim 29, further comprising an analysis interface of the personal data network connected to an analysis computer device (The received encrypted and de-identified data may be analyzed, for example to determine the validity of the data, e.g. see MacCarthy paragraph [0053].).

Regarding Claim 31, the combination of MacCarthy and Unagami teaches the limitations of Claim 29, and MacCarthy further teaches the following:
The personal data network of claim 30, wherein the supporter computer device, the analysis computer device, the server device or the computer unit associated with the user having the control logic ascertains findings or generates automatic messages from the de-personalized personal data of a user (The encrypted and de-identified data is analyzed to generate a report (i.e. findings and/or automatic messages), e.g. see MacCarthy paragraphs [0046]-[0047], [0053], and [0079]-[0080].).

Regarding Claim 32, the combination of MacCarthy and Unagami teaches the limitations of Claim 30, and MacCarthy further teaches the following:
The personal data network of claim 30, wherein the supporter computer device, the analysis computer device, the server device or the computer unit associated with the user have an acquisition device by which personalized or de- personalized personal data can be acquired (The source computing system (i.e. the computer unit) includes a storage device that stores the original, unencrypted data, e.g. see MacCarthy paragraphs [0026]-[0027], and further includes a de-identification module which may be used to de-identify data, e.g. see MacCarthy paragraphs [0032] and [0043], Fig. 1.  Additionally, the collection computing system (i.e. the server device) may also obtain de-identified data, e.g. see MacCarthy paragraphs [0035] and [0071]-[0073], Fig. 1.).

Regarding Claim 35, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following: The personal data network of claim 22, wherein the computer unit associated with the user comprises a control logic that:
after transmitting the de-personalized personal data from the server device to the computer unit or the supporter computer device, or after transmission ofIn re Application of Thomas KrechPreliminary AmendmentApril 16, 2020 Page 8 of 10the allocation rule or identifier to a supporter computer device, ascertains a new allocation rule with a new identifier, and transmits the de-personalized personal data with an identifier from the computer unit to the server device via the network (The system receives periodic updates of new anonymized identifiers of new patients, e.g. see MacCarthy paragraphs [0044], [0050], and [0075].  Furthermore, the aforementioned process may be performed for multiple patients, and hence the new anonymized identifiers and de-personalized personal data may be obtained after transmitting the original/first de-personalized personal data and/or allocation rule.).

Regarding Claim 37, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following: The personal data network of any one of claim 22, wherein the de-personalized personal data, with respect to the user, includes:
a year of birth; a gender; an ethnicity; a race; or a country of a place of residence (The data deemed PII and de-identified by the system may include birth dates, a gender, and/or addresses, e.g. see MacCarthy paragraphs [0029] and [0056]-[0057].).

Regarding Claim 38, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following: 
The personal data network of any one of claim 22, wherein the computer unit comprises a portable computer unit (The source computing system may include a laptop computer, e.g. see MacCarthy paragraph [0038].).

Regarding Claim 39, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following: 
The personal data network of claim 22, wherein a control logic of the server device is designed to generate automatic messages to the user or another predetermined person from the transmitted de-personalized data (The collection computing system (i.e. the server device) includes a report creation module, e.g. see paragraphs [0033]-[0034], Fig. 1, wherein the system utilizes encrypted and de-identified data is to generate a report (i.e. automatic messages), e.g. see MacCarthy paragraphs [0033]-[0034], [0046]-[0047], [0053], and [0079]-[0080].).

Regarding Claim 40, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and Unagami further teaches the following: 
The personal data network of claim 22 further comprising a vital data acquisition device (The system includes patient devices, for example a body composition analyzer (i.e. a vital data acquisition device), that are in communications with a user terminal (i.e. a computer unit), e.g. see Unagami paragraphs [0085], [0101], and [0159], Fig. 1.  It would have been obvious to modify MacCarthy to include the patient device as taught by Unagami in order to provide users with privacy regarding services provided to the users by the patient device, e.g. see Unagami paragraphs [0002]-[0004].).



Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of MacCarthy and Unagami in view of Foti (Pub. No. US 2002/0194378).
Regarding Claim 33, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, and MacCarthy further teaches the following:
The personal data network of claim 22, further comprising a transmission path disconnection device, interposed between the computer unit associated with the user and the server device, that transmits the de-personalized personal data transmitted from the computer unit to the server device (The system may include an intermediate computing system (i.e. a transmission path disconnection device) that receives the de-personalized data from the source computing system (i.e. the computer unit) and transmits the de-personalized data to the collection computing system (i.e. the server device), e.g. see MacCarthy paragraphs [0037], [0040], and [0046], Fig. 2.).
But the combination of MacCarthy and Unagami does not teach the following:
(A)	makes it impossible to infer the transmission path from the computer unit and from de- personalized personal data on the server device.
(A)	Foti teaches that it was old and well known in the art of data communication, at the effective filing date, for the system to include an originating IP terminal and a terminating IP terminal, wherein the originating IP terminal transmits data to an intermediate address translation function before transmitting the data to the terminating IP terminal such that the originating IP terminal IP address is hidden from the terminating IP terminal, e.g. see paragraphs [0006], [0011], and [0042]-[0043], Fig. 2, to avoid revealing location and identity information.
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify the combination of MacCarthy and Unagami to include the intermediary device hiding the IP address as taught by Foti in order to avoid revealing location and identity information, e.g. see Foti paragraphs [0004]-[0005], and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Claim 34 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of MacCarthy and Unagami in view of Waytena (Pub. No. US 2011/0069661).
Regarding Claim 34, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, but does not teach the following: The personal data network of claim 22, wherein,
(A)	for a registration of the user, the computer unit associated with the user has a control logic that: sends a telephone number of the computer unit; 
(B)	receives a code for authenticating the computer unit; and 
(C)	records personal data of the user, which is then stored in the computer unit, only after the code for authenticating the computer unit has been received.
(A)-(C)	Waytena teaches that it was old and well known in the art of data communication, at the effective filing date, for the system to first determine whether or not a user is registered, and if the user is not registered, receive a mobile phone number of the user, e.g. see paragraphs [0139]-[0140], Fig. 5A.  Furthermore, upon receiving the mobile phone number, the system then generates an authentication code that is sent to the mobile number of the user, wherein the user then verifies the authentication code with the system, e.g. see paragraphs [0141]-[0145].  Additionally, if the user-submitted authentication code matches the authentication code issued by the system, the system then stores user data, e.g. see paragraph [0146]. 
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify the combination of MacCarthy and Unagami to include the authentication code and user verification process as taught by Waytena in order to enable the user to dictate what data should be accessible, e.g. see Waytena paragraph [0006], and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Claim 36 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of MacCarthy and Unagami in view of Wons (Pub. No. US 2012/0041788).
Regarding Claim 36, the combination of MacCarthy and Unagami teaches the limitations of Claim 22, but does not teach the following:
(A)	The data network of any one of claim 22, wherein the allocation rule is transmitted to a person of a trust computer unit associated with a person of trust, and it is made possible for the person of the trust computer unit to at least partially access the de-personalized personal data and convert it into personalized personal data.
(A)-(C)	Wons teaches that it was old and well known in the art of healthcare, at the effective filing date, for the system to include a server and a plurality of user devices that may belong to, for example, a family member of a patient (i.e. a person of trust), e.g. see paragraph [0034], Fig. 2, wherein communications between the server and the devices are encrypted, and may only be decrypted upon receiving proper login credentials (i.e. an allocation rule) from the family member, e.g. see paragraphs [0034], [0047], and [0059]. 
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify the combination of MacCarthy and Unagami to include enabling a family member to decrypt the data as taught by Wons in order to ensure the security of the data by limiting access to only authorized individuals, e.g. see Wons paragraphs [0034] and [0055]-[0058], and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Claims 41-42 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of MacCarthy and Unagami in view of Park (Pub. No. US 2016/0014129).

Regarding Claim 41, the combination of MacCarthy and Unagami teaches the limitations of Claim 40, but does not teach the following: The personal data network of claim 22, wherein,
(A)	The personal data network of claim 40, wherein the vital data acquisition device comprises one or more sensors for acquiring vital data.
(A)	Park teaches that it was old and well known in the art of healthcare, at the effective filing date, for the system to include a plurality of wearable devices and external sensors (i.e. any one of which may be interpreted as “vital acquisition devices comprising one or more sensors) that acquire a variety of patient data such as heart rate and blood pressure, e.g. see paragraphs [0017]-[0020]. 
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify the combination of MacCarthy and Unagami to incorporate the sensors as taught by Park in order to evaluate a person’s health state, e.g. see Park paragraphs [0002]-[0003], and because Unagami also teaches monitoring the user’s health using data obtained from a body composition analyzer, e.g. see Unagami paragraphs [0085] and [0098], although without explicitly disclosing that the body composition analyzer comprises a sensor, and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Regarding Claim 42, the combination of MacCarthy and Unagami teaches the limitations of Claim 40, but does not teach the following: The personal data network of claim 22, wherein,
(A)	The personal data network of claim 41, wherein the one or more sensors comprise a heart rate sensor, a blood pressure sensor, a glucose level sensor, a cardiac pacemaker, a fitness tracker, a position sensor, or an acceleration sensor.
(A)	Park teaches that it was old and well known in the art of healthcare, at the effective filing date, for the system to include a plurality of wearable devices and external sensors (i.e. any one of which may be interpreted as “vital acquisition devices comprising one or more sensors) that acquire a variety of patient data such as heart rate, blood pressure, glucose, acceleration, and position, e.g. see paragraphs [0017]-[0020] and [0031]. 
Therefore, at the effective filing date, it would have been prima facie obvious to one ordinarily skilled in the art of healthcare to modify the combination of MacCarthy and Unagami to incorporate the various types of sensors as taught by Park in order to evaluate a person’s health state, e.g. see Park paragraphs [0002]-[0003], and because Unagami also teaches monitoring the user’s health using data obtained from a body composition analyzer, e.g. see Unagami paragraphs [0085] and [0098], although without explicitly disclosing that the body composition analyzer comprises a sensor, and because doing so could be readily and easily performed by any person of ordinary skill in the art, without undue experimentation or risk of unexpected results.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN P GO whose telephone number is (571)270-1658. The examiner can normally be reached Monday-Friday 9:30am-6pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Victoria Augustine can be reached on 313-446-4858. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JOHN P GO/Primary Examiner, Art Unit 3686