DETAILED ACTION
Claims 27-46 are pending in this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Terminal Disclaimer
Examiner acknowledges the filing of a terminal disclaimer on 7/9/2022.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 27, 28, 30-33, 39, 41-46 are rejected under 35 U.S.C. 103 as being unpatentable over Buller et al. (US PGPUB No. 2010/0088389) [hereinafter “Buller”] in view Datta (US PGPUB No. 2003/0004998).

As per claim 27, Buller teaches a method for conducting a transaction, the method comprising: receiving, at a user device from a transaction system ([0024], external users requesting and receiving data for “transacting” from data backup and archiving system), a request for a data element for conducting a transaction at a transaction system (Examiner Note: the BRI of “transaction” is interpreted to include any general use of data files – Examiner suggests limiting “transaction” to overcome Buller reference) ([0022], archiving and retrieval of data fragments to be used by the user including a master index); in response to receiving the request, accessing by one of the user device or a data service system (Fig. 2, peer hosts or data archiving system accessing a master index) a data map corresponding to the requested data element ([0022], master index with the location of every fragment in the file), the data map including: a plurality of pointers for a plurality of data fragments of the data element ([0022], master index includes the location, i.e. pointer, to each of the fragments), each of the data fragments containing a different portion of the data element ([0020], fragments are different bytes of the whole file), each of the pointers pointing to a respective different one of the plurality of data fragments located at a respective different one of a plurality of storage locations ([0022], locations of each fragment is different and is periodically shuffled to different locations); and time-to-live (TTL) attributes for the plurality of data fragments, each TTL attribute indicating a time period for which a respective data fragment is valid ([0020], each fragment has a TTL, i.e. “time to live” value); assembling the requested data element using the retrieved plurality of data fragments; and providing by the user device to the transaction system (Fig. 2, peer host providing requested data fragments which are assembled for “transacting”) the requested data element to conduct the transaction at the transaction system ([0028], reassembling file from retrieved fragments).
Buller does not explicitly teach determining whether the TTL attributes indicate that each of the plurality of data fragments is currently valid; and upon determining that each of the plurality of data fragments is currently valid, retrieving, using the pointers of the data map, the plurality of data fragments from the plurality of different storage locations. Datta teaches determining whether the TTL attributes indicate that each of the plurality of data fragments is currently valid ([0097], expiration of TTL one way of making fragment invalid); and upon determining that each of the plurality of data fragments is currently valid, retrieving, using the pointers of the data map, the plurality of data fragments from the plurality of different storage locations ([0097], checking validity during request for content and replacing if necessary).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller with the teachings of Datta, determining whether the TTL attributes indicate that each of the plurality of data fragments is currently valid; and upon determining that each of the plurality of data fragments is currently valid, retrieving, using the pointers of the data map, the plurality of data fragments from the plurality of different storage locations, to ensure that nonvalid fragments are not used in the construction of a file which may be against set security policies.

As per claim 28, the combination of Buller and Data teaches the method of claim 27, further comprising: wherein the receiving includes receiving a request for a second data element (Buller; [0024], request/retrieval of a file desired by user); accessing a second data map corresponding to the requested second data element (Buller; [0022], accessing a fragments to a file via a master index), the second data map including: a plurality of second pointers for a plurality of second data fragments of the second data element (Buller; [0022], master index includes location, i.e. pointer, to each fragment), each of the second data fragments containing a different portion of the second data element (Buller; [0020], fragments are different bytes of the whole file), each of the second pointers pointing to a respective different one of the plurality of second data fragments located at a respective different one of the plurality of storage locations (Buller; [0022], locations of each fragment is different and is periodically shuffled to different locations); and second TTL attributes for the plurality of second data fragments (Buller; [0020], each fragment has a TTL, i.e. “time to live” value), each second TTL attribute indicating a time period for which a respective second data fragment is valid ; determining that at least one of the second TTL attributes indicates that at least one of the plurality of second data fragments is not currently valid (Datta; [0097], expiration of TTL one way of making fragment invalid); and upon determining that at least one of the plurality of second data fragments is not currently valid, preventing retrieving the plurality of second data fragments from the plurality of different storage locations (Datta; [0016], when a single fragment becomes invalid, the entire page/file becomes invalid).

As per claim 30, the combination of Buller and Datta teaches the method of claim 27, wherein the plurality of different storage locations include a plurality of different data storage systems (Buller; Abstract, fragments are stored in different storage sites, i.e. peers).

As per claim 31, the combination of Buller and Datta teaches the method of claim 27, wherein the receiving the request, the accessing the data map, the retrieving the plurality of fragments, and the providing the requested data element are performed by a user device (Buller; Abstract, retrieval handled by peer device, i.e. user device, including use of master index see [0022]).

As per claim 32, the combination of Buller and Datta teaches the method of claim 27, further comprising: sending, by the user device to a data service system separate from the user device, a request for the data map; and receiving, by the user device from the identity service system, the data map (Buller; [0028], peer can reference index for constructing file from fragments – referenced index would be referenced from, i.e. requested from, master index see Fig. 1 and [0022]) (Examiner Note: “the identity service system” lacks antecedent basis and will be interpreted to mean “the data service system” which is properly defined in the claim).

As per claim 33, the combination of Buller and Datta teaches the method of claim 27, wherein the accessing the data map and the retrieving the plurality of fragments are performed by a data service system separate from the user device (Buller; Fig. 1, accessing master index and fragments can be performed by a another peer which is separate from the peer the user resides on), the method further comprising: receiving, by the user device from the identity service system, at least one of: the retrieved plurality of data fragments, or the assembled data element (Examiner Note: “the identity service system” lacks antecedent basis and will be interpreted to mean “the data service system” which is properly defined in the claim).

As per claim 39, the combination of Buller and Datta teaches the method of claim 27, further comprising: fragmenting the data element into the plurality of data fragments, each data fragment representing a different portion of the data element (Buller; [0019], fragmenting a data backup set into different fragments); storing the plurality of data fragments at the plurality of different data storage locations so that each of the plurality of data fragments is stored on respective different one of the plurality of different data storage systems (Buller; [0019], storing the fragments at different locations across different storage media across different peers); and generating the data map including the plurality of pointers for the plurality of data fragments (Buller; [0022], generating and maintaining a master index with all the locations of all the fragments of a data set).

As per claim 41, the combination of Buller and Datta teaches the method of claim 39, further comprising determining a distribution of the plurality of data fragments among the plurality of different data storage systems (Buller; [0019], determining where to disperse, i.e. distribute the fragments and also determining when to shuffle, i.e. redistribute the fragments).

As per claim 42, the combination of Buller and Datta teaches the method of claim 39, further comprising at least one of: encrypting the data element before the fragmenting (Examiner Note: this is an optional feature but to expedite prosecution please see pertinent art below for teachings in the prior art), or encrypting the plurality of data fragments (Buller; [0022], encrypting the plurality of fragments before storage onto peer system).

As per claim 43, the combination of Buller and Datta teaches the method of claim 39, further comprising: for each of the plurality of data fragments, assigning the TTL attribute indicating the predetermined time period for which the data fragment is valid (Buller; [0013], data fragment at particular location is no longer valid and must be reshuffled) see also (Datta; [0097], expiration of TTL one way of making fragment invalid); and adding the time-to-live attributes for the plurality of data fragments to the data map (Buller; [0022], peer-to-peer fragment shuffler program code also maintains a comprehensive data map of all the fragments with corresponding TTL values and their locations, i.e. shuffler is responsible for shuffling the fragments so must know locations).

As per claim 44, the substance of the claimed invention is identical or substantially similar to that of claim 27. Accordingly, this claim is rejected under the same rationale.

As per claim 45, the substance of the claimed invention is identical or substantially similar to that of claim 28. Accordingly, this claim is rejected under the same rationale.

As per claim 46, the substance of the claimed invention is identical or substantially similar to that of claim 27. Accordingly, this claim is rejected under the same rationale.

Claims 29 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Buller and Datta in further view of Eigner et al. (US PGPUB No. 2016/0085996) [hereinafter “Eigner ‘996”].

As per claim 29, the combination of Buller and Datta teaches the method of claim 27.	The combination of Buller and Datta does not explicitly teach decrypting the data map. Eigner ‘996 teaches decrypting the data map ([0084] and [0095], encrypting and storing the data map and decrypting afterwards).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘996, decrypting the data map, to provide additional security against access to critical information regarding fragmented data.

As per claim 40, the combination of Buller and Datta teaches the method of claim 39.
The combination of Buller and Datta does not explicitly teach encrypting the data map; and storing the encrypted data map on a device separate from the plurality of data storage locations. Eigner ‘996 teaches encrypting the data map; and storing the encrypted data map on a device separate from the plurality of data storage locations ([0084] and [0095], encrypting and storing the data map at any of a plurality of data stores wherein the particular data store need not be among the data stores that contain any of the fragments see [0055] and [0062], only a select few of the data stores need be used for storing the “shards” or fragments and there is a proprietary data store dedicated for the secure platform to handle its storage needs, i.e. storage of the data map see [0062]).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘996, encrypting the data map; and storing the encrypted data map on a device separate from the plurality of data storage locations, to provide further security against attacks on fragmented data.

Claims 34-38 are rejected under 35 U.S.C. 103 as being unpatentable over Buller and Datta in further view of Eigner et al. (US PGPUB No. 2017/0277774) [hereinafter “Eigner ‘774”].

As per claim 34, the combination of Buller and Datta teaches the method of claim 27.
The combination of Buller and Datta does not explicitly teach wherein the data element includes identity data to enable identification of the user, the identity data including at least one of: a name of the user, an mailing address of the user, an email address of the user, a picture of the user, a driver's license number of the user, or a passport number of the user. Eigner ‘774 teaches wherein the data element includes identity data to enable identification of the user, the identity data including at least one of: a name of the user, an mailing address of the user, an email address of the user, a picture of the user, a driver's license number of the user, or a passport number of the user (Abstract, fragmentation of a personal user data – see [0007] and [0013] for examples of data) (Examiner Note: Examiner takes official notice that personal data includes name, mailing address, email address, pictures, driver’s license numbers and passport numbers see pertinent art below – Sharp at [0712]).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘774, wherein the data element includes identity data to enable identification of the user, the identity data including at least one of: a name of the user, an mailing address of the user, an email address of the user, a picture of the user, a driver's license number of the user, or a passport number of the user, to make it difficult for attackers to get a full representation of the personal data of a user.

As per claim 35, the combination of Buller and Datta teaches the method of claim 27.
Buller and Datta does not explicitly teach wherein the transaction includes at least one of: an identification of the user, or a security interrogation of the user. Eigner ‘774 teaches wherein the transaction includes at least one of: an identification of the user ([0007], transactions which require the user to provide personal information for identification), or a security interrogation of the user (Examiner Note: this is an optional feature but to expedite prosecution a citation is provided) ([0011], [0067] and [0070], forms include any involved in job applications and any government mandated documents – it is well known that job applications and credit applications include background checks and interviews).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘774, wherein the transaction includes at least one of: an identification of the user, or a security interrogation of the user, to extend the security benefits of encrypted data fragmentation to applications that handle sensitive user data.

As per claim 36, the combination of Buller and Datta teaches the method of claim 27. 
The combination of Buller and Datta does not explicitly teach wherein the data element includes financial data to enable identification of the user, the financial data including at least one account number. Eigner ‘774 teaches wherein the data element includes financial data to enable identification of the user, the financial data including at least one account number (Abstract, fragmentation of a personal user data – see [0007] and [0013] for examples of financial data including account numbers).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘774, wherein the data element includes financial data to enable identification of the user, the financial data including at least one account number, to make it difficult for attackers to get a full representation of the personal data of a user.

As per claim 37, the combination of Buller and Datta teaches the method of claim 27. 
The combination of Buller and Datta does not explicitly teach wherein the transaction is at least one of: a purchase transaction, or a credit approval transaction. Eigner ‘774 teaches wherein the transaction is at least one of: a purchase transaction, or a credit approval transaction ([0005], a variety of transactions including online shopping “purchase” and loan applications).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘774, wherein the transaction is at least one of: a purchase transaction, or a credit approval transaction, to facilitate secure storage of transaction information and credentials especially during the process of the transaction.

As per claim 38, the combination of Buller and Datta teaches the method of claim 27. 
The combination of Buller and Datta does not explicitly teach wherein the user device is a mobile device, and the transaction system is an Internet system. Eigner ‘774 teaches wherein the user device is a mobile device ([0069], system as a mobile application running on a smartphone), and the transaction system is an Internet system ([0067], online shopping system).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Buller and Datta with the teachings of Eigner ‘774, wherein the user device is a mobile device, and the transaction system is an Internet system, to facilitate secure storage of transaction information and credentials especially during the process of an online transaction across unsecured networks.

Response to Arguments
Applicant’s arguments with respect to the nonstatutory double patenting rejection of claims 27-46 have been fully considered and are persuasive given that a terminal disclaimer has been filed.  The rejections have been withdrawn.

Applicant’s arguments with respect to the prior art rejection of claims 27-46 under 35 U.S.C. 103 have been fully considered but are not persuasive.
With respect to claim 1, Applicant argues that the cited prior art reference, Buller, does not disclose “receiving at a user from a transaction system, a request for a data element for conducting a transaction at the transaction system. Applicant reasons that Buller is a data backup and archival tool and that there isn’t a transaction system present to make the request. As noted in the above rejection, Examiner submits that the BRI of “transaction” is interpreted to include any general use of data files and that limiting the definition of transaction in the claim language could potentially overcome the current rejection. Applicant further argues that Buller does not teach “in response to receiving the request, accessing by one of the user device or a data service system, a data map corresponding to the requested data element, the data map including: a plurality of pointers for a plurality of data fragments of the data element, each of the data fragments containing a different portion of the data element, each of the pointers pointing to a respective different one of the plurality of data fragments located at a respective different one of a plurality of storage locations; and time-to-live (TTL) attributes for the plurality of data fragments, each TTL attribute indicating a time period for which a respective data fragment is valid”. Applicant reasons that master index taught in Buller does not include TTL values. Examiner submits that the master index of Buller is combined with the TTL attributes taught in the secondary reference, Datta. See Datta at [0097]. Applicant further argues that Buller does not teach “providing, by the user device to the transaction system, the requested data element to conduct the transaction at the transaction system”. Applicant provides a similar reasoning as previously stated that Buller is a data backup and archival tool and that there isn’t a transaction system providing requested files. Examiner reiterates that the BRI of “transaction” is interpreted to include any general use of data files and that the rejection can potentially be overcome if the definition of “transaction” is limited in the claim language. Applicant further argues that the secondary reference Datta does not remedy these deficiencies. Applicant generally reasons that Data does not disclose: (1) “receiving, at a user device from a transaction system, a request for a data element for conducting a transaction at the transaction system”, and (2) “in response to receiving the request, accessing by one of the user device or a data service system, a data map corresponding to the requested data element; and the data map including: a plurality of pointers for a plurality of data fragments of the data element, each of the data fragments containing a different portion of the data element, each of the pointers pointing to a respective different one of the plurality of data fragments located at a respective different one of a plurality of storage locations; and time-to-live (TTL) attributes for the plurality of data fragments, each TTL attribute indicating a time period for which a respective data fragment is valid”. Examiner submits that TTL attributes of Datta are combine with the teachings of Buller to teach theses features. See Datta at [0097]. Applicant further argues that Data does not disclose “determining that each of the plurality of data fragments is currently valid, retrieving, using the pointers of the data map, the plurality of data fragments from the plurality of different storage location”. Applicant reasons that Datta “selectively either regenerates content for fragments having TTL indicating the fragment is invalid, or inserts a get instruction for fragments having TTL indicating the fragment is valid”. Examiner resubmits that the data map and its features are taught by Buller and combined with the TTL attributes taught in Datta. See Datta at [0097]. Applicant further argues that Datta does not disclose “providing, by the user device to the transaction system, the requested data element to conduct the transaction at the transaction system”. As Applicant notes, Datta was not relied upon to teach this feature. Applicant further notes that Eigner ‘996 and Eigner ‘774 do not remedy the above deficiencies. As noted by Applicant, Examiner submits this argument is moot since the Office Action does not rely upon Eigner ‘996 and Eigner ‘774 to do so.
In conclusion, in light of the above rationales, the rejection of claims 27-46 under 35 U.S.C. 103 are maintained.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Lundborg (US PGPUB No. 2015/0304444), Bellare et al. (US PGPUB No. 2015/0016604), Shin (US PGPUB No. 2013/0275386), Venkatraman et al. (US PGPUB No. 2019/0007713), Webster (WO-2005088504-A1), Filzhuth et al. (DE-102014112496-A1), O’Brien et al. (WO-2006072017-A2), Hong et al. ("Fragmentation Storage Model: An Efficient Privacy Protection Technology", IEEE, doi: 10.1109/ICISCE.2017.80, 2017, pp. 348-352), Leung et al. ("Analysis of Secondary Storage Fragmentation", IEEE, doi: 10.1109/TSE.1983.236298, pp. 87-93, Jan. 1983) and Kapusta et al. ("Data protection by means of fragmentation in distributed storage systems", IEEE, doi: 10.1109/NOTERE.2015.7293486, 2015, pp. 1-8), all disclose data fragmentation for security in transmission and storage including using TTL and mapping. Condeixa et al. (US PGPUB No. 2017/0339510), Wei et al. (US PGPUB No. 2015/0088975), Douglas (US PGPUB No. 2019/0180272), Yanovsky et al. (WO-2015175411-A1), McMahon et al. (CA-2790227-A1), Tamhankar et al. ("Database fragmentation and allocation: an integrated methodology and case study," in IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, vol. 28, no. 3, pp. 288-305, May 1998, doi: 10.1109/3468.668961) and Li et al. ("A New Fragmentation Strategy for Video of HTTP Live Streaming," 2016 12th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN), 2016, pp. 86-89, doi: 10.1109/MSN.2016.022) disclose varying aspects of data fragmentation in storage/transaction systems.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        August 27, 2022