DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on June 15, 2022.
Claims 1 and 3-20 are allowed.

Allowable Subject Matter
Claims 1 and 3-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the amendment presented on June 15, 2022.
Specifically, the independent Claim 1 now recites limitations as follows:
“A method, performed by one or more computing devices, for managing personal data, the method comprising: 
receiving, for use by an application of the one or more computing devices, personal data associated with a data subject, wherein the personal data is associated with a virtual identity of the data subject; 
storing the personal data; and storing identifying information that is linked to the personal data, wherein the identifying information is included in shadow data associated with the personal data, wherein the shadow data for the personal data is invisible to the application or inaccessible by the application, and wherein the identifying information comprises: 
a virtual identity identifier of the virtual identity, and 
a creation timestamp of the personal data”.
The cited reference Buchner et al. (US PGPUB. # US 2020/0296140) discloses, a request from an entity for operating on data stored or to be stored in a storage that is associated with a particular DID is received. The type of the data that is requested to be operated on is then determined. Thereafter, one or more policy rules that are applicable to the determined type of data are accessed. Based on the accessed one or more policy rules, a determination is made on whether the operation to be performed on the data will result in the data complying with the one or more policy rules. When it is determined that the operation will result the data complying with the one or more policy rules, the request is then allowed. (¶21). FIG. 8 illustrates a flow chart of an example method 800 for receiving a request from an entity for operation on data stored or to be stored in a storage that is associated with a particular DID, which may correspond to an embodiment of step 702 of method 700. The method 800 may include analyzing the information contained in the request (801). The information may include information related to the particular DID. Based on the information related to the particular DID, a storage (e.g., Alice's ID hub 660) that is associated with the particular DID is identified (802). The information may also include information related to the specific data that is being requested. Based on the information related to the specific data that is being requested, the requested data in the identified storage (e.g., Alice's medical data 661 stored in her ID hub) is then identified. (Fig. 8 (800), ¶137). As illustrated, identity hub 411 may include data storage 420. The data storage 420 may be used to store any type of data that is associated with the DID owner 201. In one embodiment the data may be a collection 422 of a specific type of data corresponding to a specific protocol. For example, the collection 422 may be medical records data that corresponds to a specific protocol for medical data. The collection 422 may be any other type of data. (Fig. 4, ¶80). The personal storage of Alice 560 includes Alice's medical data 561, Alice's social media data 562, and Alice's email data 563. The ellipsis 564 represents that there may be other types of Alice's personal data stored in Alice's personal storage 560 in the ID hub service 550. Similarly, Bob's personal storage 570 stores Bob's medical data 571, Bob's social media data 572, and Bob's email data 573. The ellipsis 574 represents that there may be other types of Bob's personal data stored in Bob's personal storage 570 in the ID hub service 550. (Fig. 5(560), ¶103). Thus Buchner discloses, personal data associated with a subject is received and the data is associated with DID (virtual identitiy). As mentioned, a representation of the DID 205 is stored on each distributed computing system of the distributed ledger or blockchain 220. For example, in FIG. 2 this is shown as the DID has 231, DID has 241, and DID has 251, which are ideally identical copies of the same DID. The DID hash 231, DID has 241, and DID hash 251 may then point to the location of the DID document 210. The distributed ledger or blockchain 220 may also store numerous other representations of other DIDs as illustrated by references 232, 233, 234, 242, 243, 244, 252, 253, and 254. (Fig. 2(231, 241), ¶60). Some introductory discussion of a decentralized identification (DID) and the environment is which they are created and reside will not be given with respect to FIG. 2. As illustrated in FIG. 2, a DID owner 201 may own or control a DID 205 that represents an identity of the DID owner 201. The DID owner 201 may register a DID using a creation and registration service, which will be explained in more detail below. (¶40). As mentioned, the DID owner 201 may create and register the DID 205. The DID 205 may be any identifier that may be associated with the DID owner 201. Preferably, that identifier is unique to that DID owner 201, at least within a scope in which the DID is anticipated to be in use. As an example, the identifier may be a locally unique identifier, and perhaps more desirably a globally unique identifier for identity systems anticipated to operate globally. In some embodiments, the DID 205 may be a Uniform Resource identifier (URI) (such as a Uniform Resource Locator (URL)) or other pointer that relates the DID owner 201 to mechanism to engage in trustable interactions with the DID owner 201. (¶44). 
The reference by Lafever et al. (WIPO PUB. # WO 2018/201009) discloses, Figure 4 shows an example of additional steps that may be taken following the operations of Figure 3, according to one example of an embodiment of the present invention. As each augmented TDR is received back by the privacy server, the maintenance module of the privacy server may update the source data by associating the time period/stamp by means of time keys (TKs) or otherwise, DDID, and attribute combinations with the applicable Data Subject. As shown in the example of Figure 4, the privacy server may record and associate the time period/stamp by means of time keys (TKs) or otherwise, DDID, attribute combination A, and attribute combination Q with requesting related party ZZ within the secure database. Relationship information between and among time periods/stamps, DDIDs, attribute combinations, Data Subjects and associated profiles may be stored, updated or deleted as applicable in the maintenance module of the privacy server. This may include, in one example, storing or updating all relationship information between all time periods/stamps, DDIDs, attribute combinations, Data Subjects, and profiles within the secure database(s) in the aggregated data profile for the Data Subject. Upon completion of the association of new data with regard to the desired action, activity, process or trait from the attribute combinations, in one example the DDID may then be reassigned for use with new TDRs in the same fashion as described above. (Fig. 4, ¶465).  From the perspective of an implementation of an embodiment of Dynamic Anonymity being a closed system, a DDID intended to represent the identity of a Data Subject, i.e., a "primary identifier," is required to be temporally unique during the time period of the assignment of the DDID to the Data Subject - i.e., no two extant Data Subjects can have identical primary identifier DDIDs at the same time. The requirement for temporal uniqueness of DDIDs is applicable when separateness of identity of Data Subjects is desired to be represented by DDIDs; if factors other than separateness of identity of Data Subjects are desired to be represented by DDIDs, DDID assignments can be made accordingly to represent intended associations, relationships, etc. DDIDs can be instantiated in two ways: (i) within an implementation of the present invention or (ii) by externally created identifiers, but only provided that they satisfy the "temporally unique" requirement (e.g., a "cookie" or other unique identifier assigned by a website to a first-time visitor could effectively serve as a DDID) when separateness of identity of Data Subjects is desired to be represented by DDIDs. [020] A cookie is a small piece of data that is generally sent from a website and stored in a Data Subject's web browser while the Data Subject is browsing the website, so that, every time the Data Subject returns to the website, the browser sends the cookie back to a server associated with the website to notify the website the Data Subject has returned to the website. However, in order for a cookie to serve as a DDID, the browser (serving as the client in this potential embodiment of the invention) may prevent any cookie submitted by the website from persisting between browsing sessions (e.g., by copying the user's cookies, cache and browsing history files to the anonymity system's servers and then deleting them off the user's computer), such that a new cookie may be assigned for each browsing session. In this manner, the various cookies (in this example embodiment, serving as DDIDs representing separateness of identity of Data Subjects) issued by the website, while being created "externally" to the system, would each be unique and would not enable the website to remember stateful information or aggregate the Data Subject's browsing activity, since each of the browsing sessions would be perceived by the website as unrelated— thereby enabling the Data Subject to remain dynamically anonymous as long as desired, to the extent desired. (¶19).
Smeets et al. (WIPO PUB. # WO 2021/260418) discloses,  a security management entity is provided. The security management entity includes processing circuitry configured to: generate a key having a plurality of key parts, anonymize at least a first data instance at least in part by using the key with threshold cryptography, transmit a respective key part to each one of the plurality of trusted entities, store at least one key part where the stored at least one key part is different from the transmitted respective key parts, receive a message from a first trusted entity of the plurality of trusted entities for investigating the anonymized first data instance where the message includes one of the transmitted respective key parts, and deanonymize the first data instance using the stored at least one key part and the one of the transmitted respective key parts associated with the first trusted entity. (Abstract).
Michael Cory Brook (US PAT. # US 11,106,823) discloses, at least one processor to extract at least one data value from a record in a remote data store as a primary key that uniquely represents the record in the remote data store, encrypt the primary key using a secret key and an initialization vector to create a reversible public identifier that represents the primary key and the record in the remote data store, receive the reversible public identifier at a second instance after the first instance, query at least one data value different from the primary key in the remote data store using the reversible public identifier based on a GraphQL application programming interface (API) request, and transmit the at least one data value different from the primary key in the remote data store using the GraphQL API at a third instance after the second instance. (Abstract).
Anson et al. (US PGPUB. # US 2021/0264054), discloses providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT. (Abstract).
Aris Gkoulalas-Divanis (US PAT. # US 10,936,752) discloses, data is migrated from a dataset to a common data model that is configured to accommodate data comprising a plurality of different data types to be de-identified. Data is analyzed in the common data model to identify privacy vulnerabilities and determine corresponding data de-identification techniques and configuration options to be applied to the data. The automatically determined data de-identification techniques are applied to the data to address all of the identified privacy vulnerabilities, and the resulting de-identified data is migrated from the common data model back to the dataset. Embodiments of the present invention further include a computer-implemented method and program product for migrating and de-identifying data in substantially the same manner described above. (Abstract).
Jae Seung Song (US PAT. # US 2021/0007012) discloses, a method and procedure for processing protection data for protecting data privacy in an M2M system. According to an embodiment of the present disclosure, an M2M apparatus located in an M2M platform in an M2M system includes a communicator configured to transmit and receive a signal and a processor configured to control the communicator. Herein, the processor generates a resource at a resource generation request for administering data received by the communicator, generates a resource at a resource generation request for storing the data received by the communicator, determines whether the data received by the communicator are protection data, and when the data are determined as protection data, performs data processing for privacy protection. (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “……storing the personal data; and storing identifying information that is linked to the personal data, wherein the identifying information is included in shadow data associated with the personal data, wherein the shadow data for the personal data is invisible to the application or inaccessible by the application, and wherein the identifying information comprises: a virtual identity identifier of the virtual identity…..”, in combination with the rest of the limitations recited in the independent claim(s).
None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 9 is a computer-readable storage media claim of above method claim 1 and Claim 15 is a system claim of above method claim 1, and therefore, they are also allowed.
Claims 3-8 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 10-14 depend on the allowed claim 9, and therefore, they are also allowed.
Claims 17-20 depend on the allowed claim 15, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498