DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the application filed on 12/08/2020, in which claims 1-19 are presented for examination.
Claims 1-19 are pending, of which claims 1-19 are subject to Restriction Election.

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
I.	Claims 1-10, drawn to a method for providing user data to a third party while maintaining user privacy. In accordance with the method, a session is established in a computing environment to execute a first executable computer code in a virtual machine. The first executable computer code is associated with a database provider. A second executable computer code is caused to be inserted into the session. The second executable computer code is associated with a verifying entity. A request is received from a third party from outside of the session to obtain user data for a user having a user data record maintained by the database provider. The request identifies the user by a designated identifier stored in the user data record. The designated identifier replaces at least one private attribute of the user data record. The at least one private attribute includes one or more key attributes of the user data record. The user data record includes an encrypted data object in which the at least one private attribute is encrypted. Responsive to the request, a third executable code is caused to be inserted into the session. The third executable code is associated with a user communication device associated with the user. Further responsive to the request, the third executable code is caused to send a credential to the second executable code within the session. The credential is associated with the at least one private attribute of the user data record. Upon verification of the credential by the second executable code, the at least one private attribute and the designated identifier are received in the session from the third executable code. In response to receipt in the session of the at least one private attribute and the designated identifier, the user data record stored in the database is accessed. The at least one private attribute is verified using the encrypted data object and, if verified, the user data record is sent to the third party outside of the session without including the at least one private attribute, classified in class G06F 21/645.
II.	Claims 11-17, drawn to a method for protecting stored data from data breaches. The method comprising: receiving by a user communication device associated with a user over a communications network at least one of a plurality of user attributes in a user data record that is designated as a private attribute, the private attribute being replaced in the user data record by a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute; storing the private attribute in a memory associated with the user communication device; generating a credential using biometric data of the user and a user defined dataset; associating the credential and the user defined dataset with the private attribute; receiving a request to present the credential and the user defined dataset; responsive to a request to send the stored private attribute in the memory, the request only being issued if the credential is verified, causing the private attribute to be sent to an entity that has authorized access to the user data record, classified in class H04L 9/3231.
III.	Claims 18-19, drawn to a method of maintaining user privacy when storing a user data record associated with a user in a database, comprising: receiving by a verifying entity over a communications network at least one of a plurality of user attributes in the user data record that is designated as a private attribute, the private attribute being replaced in the user data record by a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute; requesting, by the verifying entity, a secure key from a user communication device associated with the user; receiving by the verifying entity the secure key from the user communication device, the secure key being one component of a digital string that is used as input to a hash function that generates a hashed output, the digital string and the hashed output being generated by the user communication device, the digital string having at least two components; receiving by the verifying entity a credential from the user communication device, the credential representing the private attribute that is authenticated upon being verified by the verifying entity without disclosing the private attribute; verifying, by the verifying entity, the credential; if the credential is verified, sending, by the verifying entity, the private attribute to an external storage device, classified in class G06F 21/602.
The inventions are distinct because each of the subcombinations details specific characteristics, as follows:
Invention I: establishing a session in a computing environment to execute a first executable computer code in a virtual machine, the first executable computer code being associated with a database provider; causing a second executable computer code to be inserted into the session, the second executable computer code being associated with a verifying entity; responsive to the request, causing a third executable code to be inserted into the session, the third executable code being associated with a user communication device associated with the user; further responsive to the request, causing the third executable code to send a credential to the second executable code within the session, the credential being associated with said at least one private attribute of the user data record; upon verification of the credential by the second executable code, receiving in the session, from the third executable code, said at least one private attribute and the designated identifier; and in response to receipt in the session of said at least one private attribute and the designated identifier, accessing the user data record stored in the database and verifying said at least one private attribute using the encrypted data object and, if verified, sending the user data record to the third party outside of the session without including said at least one private attribute.
Invention II: generating a credential using biometric data of the user and a user defined dataset; associating the credential and the user defined dataset with the private attribute; receiving a request to present the credential and the user defined dataset; responsive to a request to send the stored private attribute in the memory, the request only being issued if the credential is verified, causing the private attribute to be sent to an entity that has authorized access to the user data record.
Invention III: requesting, by the verifying entity, a secure key from a user communication device associated with the user; receiving by the verifying entity the secure key from the user communication device, the secure key being one component of a digital string that is used as input to a hash function that generates a hashed output, the digital string and the hashed output being generated by the user communication device, the digital string having at least two components.
Inventions I, II, and III are related as subcombinations disclosed as usable together in a single combination. The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination is separately usable.
The examiner has required restriction between subcombinations usable together. Where applicant elects a subcombination and claims thereto are subsequently found allowable, any claim(s) depending from or otherwise requiring all the limitations of the allowable subcombination will be examined for patentability in accordance with 37 CFR 1.104.  See MPEP § 821.04(a).  Applicant is advised that if any claim presented in a continuation or divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to provisional statutory and/or nonstatutory double patenting rejections over the claims of the instant application.
Restriction for examination purposes as indicated is proper because all these inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because at least the following reason(s) apply:
(a) the inventions have acquired a separate status in the art in view of their different classification;
(b) the inventions have acquired a separate status in the art due to their recognized divergent subject matter;
(c) the inventions require a different field of search (for example, searching different classes/subclasses or electronic resources, or employing different search queries); 
(d) the prior art applicable to one invention would not likely be applicable to another invention;
(e) the inventions are likely to raise different non-prior art issues under 35 U.S.C. 101 and/or 35 U.S.C. 112, first paragraph.
Applicant is advised that the reply to this requirement to be complete must include (i) an election of an invention to be examined even though the requirement may be traversed (37 CFR 1.143) and (ii) identification of the claims encompassing the elected invention. 
The election of an invention may be made with or without traverse. To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103(a) of the other invention.
Applicant is reminded that upon the cancellation of claims to a non-elected invention, the inventorship must be amended in compliance with 37 CFR 1.48(b) if one or more of the currently named inventors is no longer an inventor of at least one claim remaining in the application. Any amendment of inventorship must be accompanied by a request under 37 CFR 1.48(b) and by the fee required under 37 CFR 1.17(i).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI, whose telephone number is (571) 272-8729. The examiner can normally be reached on M-F 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Abyaneh, can be reached on (571) 272-7961. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MENG LI/Primary Examiner, Art Unit 2437