DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending.

Priority
Acknowledgement is made of applicant's claim for priority based on application 16/158,034 (now patent no. 11263341) filed on 10/11/2018 and application 62/571,083 filed on 10/11/2017.

Claim Objections
Claims 1, 4, 14, and 20 are objected to because of the following informalities:  
“wherein data” in line 8 of claim 1 should read “wherein the non-PII data”.  Similar issue also exists in claims 14 and 20.
“the subset of storage devices” in line 10 of claim 1 should read “the subset of available storage devices”.  Similar issue also exists in claims 14 and 20.
“filed” in line 12 of claim 1 should read “field”.   Similar issue also exists in claims 14 and 20.
“the one” in line 8 of claim 4 should read “the at least one”.  Similar issue also exists in claim 17.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3 and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 3 recites “the PII data” in line 5.  However, it’s unclear whether this refers to (1) “PII data” in line 3 of claim 1 or (2) “PII data” in line 2 of claim 3.  Similar issue also exists in claim 16.  For examination purposes, “the PII data” in line 5 of claim 3 has been interpreted as referring to (2) “PII data” in line 2 of claim 3.  Similar interpretation was also adopted for claim 16.
Claim 3 recites “the non-PII data” in line 6.  However, it’s unclear whether this refers to (1) “non-PII data” in line 3 of claim 1 or (2) “non-PII data” in line 4 of claim 3.  Similar issue also exists in claim 16.  For examination purposes, “the non-PII data” in line 6 of claim 3 has been interpreted as referring to (2) “non-PII data” in line 4 of claim 3.  Similar interpretation was also adopted for claim 16.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2-10 and 15 of U.S. Patent No. 11263341 in view of Scheiblauer (US 20180336366).  Claims 2-10 and 15 of U.S. Patent No. 11263341 disclose the limitations recited in claims 1-20 of the instant application except for “wherein data in the second storage field is stored in at least one storage device that is located in a different geographic location” recited in claims 1, 14, and 20.  However, Scheiblauer discloses the above missing limitation (see rejection of claims 1, 14, and 20 below).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Scheiblauer into the claims of the patent for the purpose of improving the security of the storage of the personally identifiable information (PII) of the users and preventing and/or deterring unauthorized discovery of the personally identifiable information of the users even when the database storing the personally identifiable information (PII) is stolen (Scheiblauer, ¶17).

Instant application 17583866
US Patent No. 11263341
1
8
2-13
2-10, 15
14
8
15-19
2-4, 8
20
8


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 9, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Spertus (US 20170149793) in view of Scheiblauer (US 20180336366).

Claim 1, Spertus discloses A method comprising: 
determining that a first storage field stores personally identifiable information (PII) data and that a second storage field stores non-PII data; (e.g. ¶3, 6-7, 40: As will be described in greater detail below, the instant disclosure describes various systems and methods for anonymizing log entries by identifying fields in log entries that may contain sensitive information…the data-field evaluation determines that the data field contains sensitive data…the data-field evaluation determines that the data field contains enumerated data and therefore does not contain sensitive data... In another embodiment, the data-field evaluation determines that the data field contains data of a data type known to not include sensitive data)
wherein data in the second storage field is stored in at least one storage device; and (e.g. fig. 2, ¶3, 26, 50: As shown in FIG. 2, system 200 may include a computing device 202…Field analysis module 106 may then identify, in data pattern 210, one or more data fields 212 in the plurality of log entries 208 that contains variable data… In one embodiment, the data-field evaluation may determine that the data field contains enumerated data and therefore does not contain sensitive data.)
providing a first access control to the first storage field and a second access control to the second storage filed, the second access control being different than the first access control. (e.g. ¶3, 6-7, 40: As will be described in greater detail below, the instant disclosure describes various systems and methods for anonymizing log entries by identifying fields in log entries that may contain sensitive information and then applying a data-anonymization policy that anonymizes the sensitive information…the data-field evaluation determines that the data field contains sensitive data and the data-anonymization policy anonymizes the data field by (1) encrypting the data field using a one-way hash, (2) encrypting the data field using reversible encryption, (3) replacing the data field with random data, (4) replacing the data field with static data, (5) removing the data field, and/or (6) generalizing the data field…the data-field evaluation determines that the data field contains enumerated data and therefore does not contain sensitive data and the data-anonymization policy does not modify the data field. In another embodiment, the data-field evaluation determines that the data field contains data of a data type known to not include sensitive data and the data-anonymization policy does not modify the data field)
Although Spertus discloses wherein data in the second storage field is stored in at least one storage device that is located (see above), Spertus does not appear to explicitly disclose but Scheiblauer discloses determining a storage location of the first storage field based on determining that the first storage field stores the PII data (e.g. ¶53: compute (223) an encryption key (155) from the global key (139), an account identifier (151), and an identifier (153) of a data field (e.g., in response to a query that provides the identifier (151) of the user account (137) and the identifier (153) of a data field (e.g., 161, 162, 163, 164, . . . , 169) of personally identifiable information); encrypt (225), using the encryption key (155), the content of the data field (157) of the user account (137) identified by the account identifier (151); determine (227) a location in a data storage; store (229) the encrypted content (159) at the location in the data storage, separate from encrypted data of other data fields of the account (137); store (231) the location in a database for retrieval based on the account identifier (151) and the identifier (153) of the data field; and discard (233) the encryption key (155).) and causing the PII data stored in the first storage field to be stored in a subset of available storage devices that are physically located in a location associated with a user corresponding to the PII data stored in the first storage field, wherein data in the second storage field is stored in at least one storage device that is located in a different geographic location than the subset of storage devices; and (e.g. fig. 1, ¶27, 41-42, 52, 56-57: the locations of the encrypted data items (171, 172, 173, 174, . . . , 179) in the secured data are stored in a separate storage location/device (e.g., in a location database (138) separate from the data storage device (105) of the secured data (149)) to reduce the likelihood that both the location data and the secured data (149) are stolen. Different access controls can be applied to the access to the encrypted date items (171, 172, 173, 174, . . ., 179) and the location database (138) … the location database is secured in a storage device/system that is separate from the storage device/system for the encrypted content of data fields of user accounts.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Scheiblauer into the invention of Spertus for the purpose of improving the security of the storage of the personally identifiable information (PII) of the users and preventing and/or deterring unauthorized discovery of the personally identifiable information of the users even when the database storing the personally identifiable information (PII) is stolen (Scheiblauer, ¶17).

Claim 9, Spertus-Scheiblauer discloses The method of claim 1, further comprising deleting contents of the first storage field in response to determining the first storage field includes the PII data. (Spertus, e.g. ¶3, 6-7, 40)

	Claims 14 and 20, these claims are rejected for similar reasons as in claim 1.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Spertus (US 20170149793) in view of Scheiblauer (US 20180336366) in view of Nelke (US 20120066214) and further in view of Bradley (US 20170294192).

Claim 8, Spertus-Scheiblauer discloses The method of claim 1 and does not appear to explicitly disclose but Nelke discloses determining that the first storage field includes the PHI data based on correlations between a plurality of frequency maps, (Nelke, e.g. ¶27, 44) wherein the first storage field stores textual information, (Nelke, e.g. ¶26, 44) and wherein the correlations are determined using a transformation. (Nelke, e.g. ¶27, 29-31, 33-34, 39).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Nelke into the invention of Spertus-Scheiblauer for the purpose of enabling a large number of pairs of columns to be compared with each other in a short time and finding all the other data sets that have similar fingerprints like the reviewed data set (Nelke, ¶31-32).
Although Spertus-Scheiblauer-Nelke discloses the correlations are determined using a transformation (see above), the combination does not appear to explicitly disclose but Bradley discloses a Fisher transformation (e.g. ¶72: the similarity score may be a Fisher transform of a correlation).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Bradley into the invention of Spertus-Scheiblauer-Nelke for the purpose of computing a similarity score using a Fisher transform (Bradley, ¶72).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Spertus (US 20170149793) in view of Scheiblauer (US 20180336366) and further in view of Fujiwara (US 20030014394).

Claim 10, Spertus-Scheiblauer discloses The method of claim 1, (see above) and does not appear to explicitly disclose but Fujiwara discloses wherein providing the first and second access controls comprises generating access controls that require administrative privileges for accessing the first storage field and user level privileges for accessing the second storage field. (Fujiwara e.g. fig. 8, ¶44-45)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Fujiwara into the invention of Spertus-Scheiblauer for the purpose of controlling access to data based on different access levels (Fujiwara, ¶44).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Spertus (US 20170149793) in view of Scheiblauer (US 20180336366) and further in view of Moritz (US 7263588).

Claim 11, Spertus-Scheiblauer discloses The method of claim 1, (see above) and does not appear to explicitly disclose but Mortiz discloses marking particular storage devices as being located in particular geographic locations. (e.g. col. 4, ll. 33-39, 43-48, 59-65)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Moritz into the invention of Spertus-Scheiblauer for the purpose of keeping track of the locations of the plurality of storage devices for subsequent data retrieval.

Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Spertus (US 20170149793) in view of Scheiblauer (US 20180336366) and further in view of Nachenberg (US 20180268135).

Claim 12, Spertus-Scheiblauer discloses The method of claim 1, (see above) and does not appear to explicitly disclose but Nachenberg discloses determining that a given storage field of a plurality of storage fields stores data that includes PII; selecting a first subset of values stored in the given storage field; and populating a Bloom filter based on the selected first subset of values by invoking a plurality of different hash functions on each value in the selected first subset of values stored in the given storage field. (Nachenberg, e.g. fig. 2, ¶55, 57-59)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Nachenberg into the invention of Spertus-Scheiblauer for the purpose of generating a Bloom filter and using the Bloom filter to detect a data breach (Nachenberg, ¶55).

Claim 13, Spertus-Scheiblauer-Nachenberg discloses The method of claim 12, further comprising: selecting a second subset of values stored in the first storage field based on the Bloom filter; determining that at least one of the second subset of values stored in the first storage field are represented by the Bloom filter; and in response to the determining that the at least one of the second subset of values stored in the first storage field are represented by the Bloom filter, determining that the first storage field includes the PII data of the given storage field. (Nachenberg, e.g. fig. 2, ¶60-62).  Same motivation as in claim 12 would apply.

Allowable Subject Matter
Claims 2-7 and 15-19 would be allowable if (1) rewritten in independent form including all of the limitations of the base claim and any intervening claims, (2) rewritten to overcome any of the objection or 112(b) rejection set forth above and (3) the nonstatutory double patenting rejection is overcome.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20040181679 discloses if the encryption attributes indicate the field is not sensitive, the results are not encrypted anyway and, therefore, may be displayed without regard to the user profile. On the other hand, if the field is sensitive (i.e., the results are encrypted), a security level or user group contained in the user profile may be compared against a corresponding encryption attribute to determine if the user is authorized to view the encrypted data. If it is determined the user is authorized to view the results for the field, the results are (decrypted and) displayed, at step 354. As will be described in greater detail below, if the user is not authorized, the remaining (unencrypted or decrypted) results may still be displayed to the user, along with an indication that one or more of the results fields is encrypted and, therefore, not displayed to the user. As an alternative, encrypted fields the user is not authorized to view may be simply be removed from the results set (or not displayed). Regardless, once the operations 350-354 have been performed for all the results fields, the operations 340 are exited at step 360.


US 20090276240 discloses confidential flag data field 628 includes data indicating whether particular information is deemed confidential. In an exemplary operation, if confidential flag data field 628 includes data, then the patient problem with which it is associated may be restricted from access from certain individuals in a healthcare environment.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436