DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

				General remarks:
1/ Claims 1-2, 4-5, 7-11 are pending
2/ claims 1 and 10 are independent
3/ Previous IDS filed 06/21/2019 has been considered
4/ Claim 3 is originally cancelled
6/ claim 6 is cancelled

Response to Arguments
Applicant’s arguments, filed 08/29/2022, with respect to the rejection(s) of claim(s) 1 and 10 under the combination of prior arts have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Nakhjiri (US pg. no. 20150186635).
-Part of the other previous prior arts are being relied up on for the other limitations where they are not related to arguments.



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 4-5, and 10 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Zalila (US pg. no. 20120259826), further in view of Hussain ( US pg. no. 20100241844), further in view of Nakhjiri (US pg. no. 20150186635).
	Regarding claim 1. Zalila discloses a system for adapting a response provided by a first device, wherein the system comprises the first device (fig. 2, service providers 208); 
the first device comprises a processor (fig. 2, processor of service providers 208);
the processor is configured to:
receive, from at least one user device, as at least one second device (fig. 2 device of user 204), a data access request (fig. 2, 236 request), the data access request comprising at least one identifier relating to a user and a predetermined service provider interface (fig. 2 discloses user 204 communicates request 236 with communication device 202 that corresponds to service provider interfaces for service providers 208. The source and the destination information of the request 236 corresponds to identifier related to the user and the communication device 202 (service provider interface)), the service provider interface being associated with the first device (([0038] discloses interfacing agent 106 allows the user 104 to interface with any type of service provider 108 (first device)) ;
process the data access request and provide an original data response to the data access request (fig. 12 307 discloses receive response data from the one or more service providers (first device)); and
send the original data response (fig. 12 discloses 307 discloses receive response data from the one or more service providers (first device)) wherein the system is configured to:
intercept, by a secure element connected to the first device,  the original data response sent by the first device and modify  the original data response while being specific to the user (0037] discloses when the service providers 108 receive the request, the service providers 108 may send response data back to the interfacing agent 106 (intercepting by a secure element), which then filters the response data based on the user profile of the user 104  to form or generate user-customized response data (response while being specific to the user); fig. 12 307-309 discloses receive user request; send user request to service providers; receive response from service providers; and filter response to generate customized response according to user attributes of the user profile that corresponds to intercepting) by: 
send at least a part of the adapted response to the second device or at least one third device ([0084] discloses the process filters the response data from the one or more service providers using the user profile to form user-customized response data (step 309). The process presents the user-customized response data to the user (step 311)).
But, Zalila does not explicitly disclose:
separating, based on the user, the intercepted original data response into a plurality of data elements; 
provide an adapted response including the at least one generated value representing a value relating to the plurality of data elements that have been separated from the intercepted response;
However, in the same field of endeavor, Hussain discloses:
separating, based on the user, the intercepted original data response into a plurality of data elements ([0015] discloses sensitive information is seamlessly replaced with masked information that does not violate the privacy policies, yet maintains the integrity of the message and the protocol carrying the message. The masking of such information can be performed in a uniform manner for all the recipients, but the preferred embodiment associates the client with the request and performs the masking based on the client's role (based on the user) within the organization. That corresponds to separating the intercepted response in to sensitive and non-sensitive); 	
provide an adapted response including the at least one generated value representing a value relating to the plurality of data elements that have been separated from the intercepted responses ([0020]the redaction process starts when the redaction (anonymization)appliance detects a client request and the corresponding server response (301). The appliance identifies the client making the request using the authentication information embedded within the request. Once the client has been identified (based on the user), the client's role is retrieved from the role database (106) (selected user  entitlement). The redaction rules associated with this role are retrieved from the redaction rules database (105) and associated with the client's session. This process is carried out only once during a single client session. All subsequent server responses directed to this client are subjected to the redaction rules applicable to his or her roles (302). These responses are parsed by the protocol parser for the application protocol in use for that session (303). Parsing the message stream allows the redaction appliance to determine if any of the redaction rules need to be enforced. On making such a determination, the appliance makes a temporary copy of the sensitive information (304) (separated data element) and replaces it with a predetermined character, such as Xs or blanks (305) (generated value). The client does not get to see the redaction information, yet proceeds with his required duties);
Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of Zalila with Hussain. The modification would allow access control to restricted data for a more secured system.
		But, the combination does not explicitly disclose:
selecting, based on the user, a predetermined user entitlement,  wherein the predetermined user entitlement includes one or several allowed data operations that follow (i) a data reading at least in part, (ii) a data update at least in part, and (iii) a data sharing at least in part; 
generating, based on the user and the selected user entitlement, at least one value relating to each of the separated data elements, each of these values relating to each of the separated data elements include generated data representing a monetary value relating to the adapted response based on at least one predetermined data element measuring scheme;
replacing an original value included in the intercepted original data response with said generated at least one value;
However, in the same field of endeavor Nakhjiri discloses selecting, based on the user, a predetermined user entitlement ([0041] discloses, a doctor (based on user) can be given authority to access the full details (predetermined user entitlement based on user) of a patient's medical record within a resource 202, while a patient's family members or an insurance provider (user) can be given a lower authorization level (predetermined user entitlement based on user) such that they can only access basic information about the patient within that same resource 202), wherein the predetermined user entitlement includes one or several allowed data operations that follow (i) a data reading at least in part, (ii) a data update at least in part, and (iii) a data sharing at least in part ([0041] discloses clients 102 having higher authorization levels can be granted access to data that is more sensitive than clients 102 with lower authorization levels. In these cases, access to data within a resource 202 that is tagged with a particular sensitivity level can be granted to only those clients 102 that have been authorized to view (data reading), edit (data update), or subscribe  (data share) to the data of that sensitivity level); 
	generating, based on the user and the selected user entitlement (fig. 4A discloses authorization level and corresponding data that can be accessed with the corresponding reduction level; fig. 5, 202 discloses the data is segmented and each segment is assigned reduction level to control access level to authorized user according to mapping table indicated in fig. 4A), at least one value relating to each of the separated data elements (fig. 5 204A discloses  separating requested data in to segments divided in to separated data elements; fig. 5, 204 B discloses adapted response 204B of the original data 204A is created by comparing each portion of the data based on user authorization level and redacting portions based on authorization level. Each segment to be redacted is represented by the shaded value that corresponds to generated value related to the separated data elements to replace the original data according to user authorization level (selected user entitlement); [0048] different representations 204 (adapted response)  of a resource 202 (original data) can be generated and be provided to clients 102 depending on the client's authorization level 404 (user and user entitlement) and the redaction level 402 of each piece of data within the resource 202), 
	each of these values relating to each of the separated data elements( fig. 5 204B each compartment corresponds to separated data element) include generated data representing a monetary value (fig. 5 204 B or 204C discloses adapted response where each of the separated fields of 202 is redacted with shaded value  (generated value) for portion of the resource the client is not authorized to or left with original value for portion of the resource the client is authorized to access based on reduction level 402(monetary value) assigned to each segment and authorization level of user; [0047] discloses clients 102 having an authorization level of 1 can be authorized to access data having reduction level 402 lower than or equal to 1 (monetary value). The reduction shade that is used to redact data representing reduction level greater than 1 corresponds to generated data representing the monetary value (reduction level)) relating to the adapted response based on at least one predetermined data element measuring scheme ([0052] discloses the server 104 can provide the client 102 with the representation 204 (adapted response) of the resource 202 that contains only the data within the resource 202 that has a redaction level 402 (monetary value) that is equal to or lower than the reduction level 402 the client 102 is authorized to access (that corresponds to predetermined measuring scheme); [0047] discloses clients 102 having an authorization level of 1 can be authorized to access data having reduction level 402 lower than or equal to 1; clients 102 having an authorization level of 2 can be allowed to access data having reduction level 402 of lower than or equal to 3; and clients 102 having an authorization level of 3 can be allowed to access data having reduction level 402 of lower than or equal to 5 (predetermined data measuring scheme)); and  
replacing an original value included in the intercepted original data response with said generated at least one value(fig. 5 discloses the adapted response 204B or 204C comprises redacted portion according to the client authorization level are replaced with shaded value. The shaded value corresponds to generated value).
Therefore, it would have been obvious to a person having ordinary skill in the time of the invention was effectively filed to combine the teaching of the combination with Nakhjiri. The modification would allow managing records of different entitlements to different users to enable effective granular data access control.		
Regarding claim 4.   The combination discloses the system according to claim 1.
Nakhjiri further discloses, wherein, to generate the at least one value relating to the at each of the separated data elements (fig. 5, 204B discloses generated value (shaded value) to each of segments of requested data), the system uses at least one predetermined data element modifying scheme(fig. 5, 204B discloses the unauthorized portions are redacted out to modify the original content according to authorization level of the user that corresponds to modification scheme) and at least one predetermined data measuring scheme([0052] discloses the server 104 can provide the client 102 with the representation 204 (adapted response) of the resource 202 that contains only the data within the resource 202 that has a redaction level 402 (monetary value) that is equal to or lower than the reduction level 402 the client 102 is authorized to access (that corresponds to predetermined measuring scheme)).

Regarding claim 5, the combination discloses system according to claim 1.
Zalila further discloses wherein the system uses at least one predetermined data element modifying scheme ([0037] discloses because the user-customized response data has been processed to remove response data that is not pertinent to the user 104 (user), such as by removing data that does not match the user's preferences or attributes (predetermined data modifying scheme)  as defined in the user profile (user profile)f, the user 104 may be presented with customized data that effectively reduces the volume of data (generating value) the user 104 receives).
Regarding claim 10, the combination discloses a method for adapting a response provided by a first device, comprising:
All other limitations of claim 10 are similar with the limitation of claim 1 above. Claim 10 is rejected on the analysis of claim 1 above.
		Claims 2 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination Zalila (US pg. no. 20120259826), Hussain ( US pg. no. 20100241844), and Nakhjiri (US pg. no. 20150186635), further in view of Yao (US pg. no. 20150348106).
Regarding claim 2, the combination discloses the system according to claim 1.
But, the combination does not explicitly disclose:
wherein the data access request includes at least one context data element; and
the system configured to intercept and filter the data access request addressed to the first device, and extract the at least one context data element;
However, in the same field of endeavor, Yao discloses, wherein, the data access request includes at least one context data element ([0040] the content request 202 includes user device context data 204 that specify user device attributes for the user/user device 106 to which the content item will be presented); and the system configured to intercept and filter the data access request addressed to the first device, and extract the at least one context data element ([0043] The content item modifier 122 selects, based on the user device context data 204 and from the feed data 124, content that will be inserted into a customizable content item. The component selecting extracting the context data from the request corresponds to filtering means.  In some implementations, the content item modifier 122 selects the content based on a matching function (e.g., MF1, MF2, or MF3) that specifies, for one or more combinations of user device attributes, which proper subset of the feed data 124 is to be used to create the customized content item).
Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Yao. The modification would allow transmitting information with the request. The modification would allow building user profile at intermediate device using the information and implementing the user profile to provide customized service to the user for a better user experience.
Claims 7-8, and 11 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination Zalila (US pg. no. 20120259826), Hussain ( US pg. no. 20100241844), and Nakhjiri (US pg. no. 20150186635), further in view of Krasnoiarov (US pg. no. 20080072306).
		Regarding claim 7, the combination discloses the system according to claim 4.
		But, the combination does not explicitly disclose:	
	wherein, the original data response comprises original data and each of the at least one predetermined data element modifying scheme comprises a predetermined algorithm for processing the data element;
		However, in the same field of endeavor, Krasnoiarov discloses wherein, the original data response comprises original data (fig.1 C discloses response data that corresponds to original data), and each of the at least one predetermined data element modifying scheme comprises a predetermined algorithm for processing the data element ([0009] The rule (algorithm) can be an IF-THEN type rule with trigger and an action.  The trigger can include elements of the response or information related to the user.  An example of a rule could be IF ((link A is in page) AND (user is in group C)) THEN (replace link A with link B) that corresponds to predetermined algorithm to modify the response data).
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Krasnoiarov. The modification would allow modifying responses to generate customized content using different modifying scheme for an effective content personalization curated towards to a specific user.
Regarding claim 8, the combination discloses the system according to claim 4. 
Nakhjiri discloses generated value relating to each of the separated data elements (fig. 5 204B discloses generated value (redaction shade) to each of components of requested data separated into segments).
But, the combination does not explicitly disclose:
wherein the at least one generated value relating to data elements depends on at least one element of a group comprising: the user
However, in the same field of endeavor, Krasnoiarov discloses wherein the at least one generated value relating to data elements depends on at least one element of a group comprising: the user ([0007]-[0009] discloses receiving response. The rule used to modify is IF ((link A is in page) AND (user is in group C) based on user) THEN (replace link A with link B). Link A corresponds data element. Generating modified response by replacing link B corresponds to generating value based on the user is group C).
Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Krasnoiarov. The modification would allow using user profile to create directed personalized content according to the user for an effective content personalization that ensures better user experience. 


Regarding claim 11. The combination discloses the system according to claim 1.
But, the combination does not explicitly disclose:
wherein the adapted response further includes at least one of the at least one data element.
	However, in the same field of endeavor, Krasnoiarov further discloses wherein the adapted response further includes at least one of data element from the plurality of data elements ([0007]-[0009] the rule used to modify response is IF ((link A is in page) AND (user is in group C) THEN (replace link A with link B). Link A corresponds data element replaced by the other data element link B. Generating modified response by replacing link B corresponds to the adapted response includes the at least one data element).
	Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Krasnoiarov. The modification would allow effectively selecting elements that needs to be revealed for a specific user and hiding contents that are protected for the specific user as a result ensuring a more secured system.

Claims 9 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination Zalila (US pg. no. 20120259826), Hussain ( US pg. no. 20100241844), and Nakhjiri (US pg. no. 20150186635), further in view of Sutton (US pg. no. 20100218253).
Regarding claim 9.    The combination discloses the system according to claim 1.
Nakhjiri discloses generated value relating to each of the separated data elements (fig. 5 204B discloses generated value to each of components of requested data of separated segments).
But, the combination does not explicitly disclose:
wherein the adapted response includes the intercepted original data response and the generated value relating to…, the system using a predetermined response measuring scheme.
		However, in the same field of endeavor, Sutton further discloses, wherein the adapted response includes the intercepted original data response and the generated value relating to …, the system using a predetermined response measuring scheme ([007] discloses the content injection service is configured to receive a web request from a client within the system.  The content injection service intercepts a response (intercepted response) to the web request and identifies a potential security threat associated with the response (using predetermined response measuring scheme) to the request.  The content injection service is further configured to determine an appropriate counter for the identified potential threat (generated value related to the intercepted response) and inject content into the response at a particular location within the response, based upon the counter determined. The adapted response comprises the intercepted response and the injected content (generated value relating to the intercepted original data response)).
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Sutton. The modification would allow adapting responses by injecting content in to the responses when threat is detected to take countermeasure action to the detected security threats in order to enable a more secured client server communication.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US pg. no. 20220198041; US pat. No. 10701079.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MESSERET F GEBRE whose telephone number is (571)272-8272.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571-1701684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MESSERET F GEBRE/Examiner, Art Unit 2445          

/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445