DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim21-40 rejected on the ground of nonstatutory double patenting as being unpatentable over claim1-20 of U.S. Patent No. 11,281,752 (US Patent App No 16/807,646). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are both drawn to a system and method for retrieving personally identifiable information (PII) wherein a request to redeem the PII is received in response to receiving a token. In both cases, a connection is established with another device to redeem the PII and after receiving consent, the PII is encrypted and communicated. 
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: device in claim 21-30. Support in the specification can be found on page 7, page 26 and page 12. 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. It is recommended to the applicant to recite a hardware component executing the limitation(s) or the limitations comprising hardware (i.e device in claim 21-30) if applicant wishes the limitations not to be interpreted under 35 U.S.C. 112(f) ) or pre-AIA  35 U.S.C. 112, sixth paragraph. 
Allowable Subject Matter
Claims 21-40 are allowed.
The following is an examiner’s statement of reasons for allowance:
The prior art, Kurylko et al (US 2021/0224788), discloses identity freezing. A user input requesting halting of operations related to a plurality of accounts or profiles of the user at different local systems is received. In response, a token mapping database is accessed to identify a personally identifiable information (PII) token for the user. A freeze message with the PII token is transmitted to the different local systems to halt operations associated with the plurality of accounts or profiles of the user. Thereafter, at the different local systems, the operations associated with the plurality of accounts or profiles of the user are halted to freeze an identity of the user. More efficient communication and operations to freeze the user accounts and profiles thereby result.
The prior art, Phillips et al (US 10,552,637), discloses a system for provide for protecting user information in an overlay service. Protecting user information may include redacting personally identifiable information (PII) from information that may be exposed to third parties. Additionally, protecting user information may include opening a second account on behalf of the user using a plurality of unique identifiers in lieu of information identifying the user. This protects users' identities and privacy as their assets are transferred between various institutions.
The prior art, Felsher (US 2002/0010679), discloses a method of maintaining electronic medical records, comprising the steps of receiving a medical transaction record, encrypted with an encryption key relating to a patient association of the file, accessing the encrypted medical transaction record according to a patient association; and further encrypting the encrypted accessed medical transaction record with an encryption key associated with an intended recipient of the medical record. The system and method according to the present invention presents a new business model for the creation, maintenance, transmission, and use of medical records, allowing financial burdens to be reallocated, for example more optimally or equitably, to decrease overall societal cost, or simply to provide a successful business model for a database proprietor. Secure entrusted medical records are held in trust by an independent third party on behalf of the patient, serving the medical community at large. Separately encrypted record elements may be aggregated as an information polymer.
The prior art, Aissi et al (US 2014/0013452), discloses systems and methods for protecting data at a data protection hub using a data protection policy. One embodiment of the invention discloses a method for protecting unprotected data. The method comprises receiving a data protection request message comprising unprotected data and one or more policy parameters, determining a data protection transformation using the policy parameters, performing the data protection transformation on the unprotected data to generate protected data, and sending the protected data
The prior art, Baum et al (US 2015/0149362), discloses methods to reversibly encrypt health-related personally identifiable information (PII) are described allowing the distribution of health-related information to multiple subscribers while remaining under the control of patient consent directives.
The prior art, Coxe et al (US 2015/0332029), discloses a method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs by accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties.
The prior art, Lacey et al (US 2016/0098577), discloses establishing a plurality of context profiles for a user, at least one context profile is associated with: (i) subject areas pertinent to the at least one context profile (ii) permissions identifying respective third parties with which personal information can be shared when the at least one context profile is active; (iii) permissions identifying what personal information can be shared with respective third parties when the at least one context profile is active; (iv) permissions identifying respective third parties that are permitted to contact the user when the at least one context profile is active; and (v) permissions identifying how respective third parties may contact the user when the at least one context profile is active; when the at least one context profile is active, operating in one of two or more modes (e.g., a regular mode or a discovery mode).
The prior art, Suominen (US 7,194,618), discloses authenticating a digital signature key, a record is prepared that includes an integrated combination of indicia uniquely corresponding to the key, and indicia of a covenant not to repudiate any digital signature made with the key except under specified conditions. The owner of the key performs a legally accepted execution of the record, whereby he enters into a covenant with any bearer of the record not to repudiate any digital signature made with the key except under the specified conditions.
The prior art, Kurylko et al (US 2021/0224788), discloses a method to perform identity freezing. A user input requesting halting of operations related to a plurality of accounts or profiles of the user at different local systems is received. In response, a token mapping database is accessed to identify a personally identifiable information (PII) token for the user. A freeze message with the PII token is transmitted to the different local systems to halt operations associated with the plurality of accounts or profiles of the user. Thereafter, at the different local systems, the operations associated with the plurality of accounts or profiles of the user are halted to freeze an identity of the user. More efficient communication and operations to freeze the user accounts and profiles thereby result.
The prior art, Shaffer et al (US 2020/0396221), discloses providing access control and persona validation for interactions. In one embodiment, a method for a first device comprises: interacting with a second device on a communication channel; determining, over a verification channel with a verification service, that an identity of a user communicating on the second device is a verified identity according to the verification service; determining a persona of the user; querying a third-party entity to make a determination whether the persona is validated and to correspondingly determine a current privilege level; and managing interaction with the second device according to the determination whether the persona is validated and the corresponding current privilege level. Another embodiment comprises a verification server's perspective of facilitating the interaction between the first and second devices, where the verification server queries the third-party entity to validate the persona.
The prior art, Bayon et al (US 2020/0387623), discloses methods for tokenization in a cloud-based environment. The disclosed systems and methods may perform operations including receiving input to be tokenized; obtaining a keyed hash function from a key management system; using the keyed hash function to generate a storage token for the input; creating an encrypted database entry linking the generated token to the received input; setting an expiry for the storage token; and when the storage token is received before the expiry, providing the linked input in response.
The prior art, Dilles et al (US 2020/0374129), discloses methods for creating a non-reputable digital record of an identification (ID) document (ID-document) of an ID-holder, by a verifier-server. The system includes at least one verifier-server of a verifier and ID-holder-computing-device. The method includes authenticating a captured ID provided by the ID holder and extracting PII fields from the captured ID; cryptographically protecting jointly and severally the extracted-PII-fields, wherein the cryptographically protecting includes individually hashing each one of the PII fields; and transmitting from the verifier-server, to the ID-holder-computing-device, a verification-result comprising PII-hash-pairs, the individually-hashed-PII-fields, and a verifier-server-signature, the verification-result being the non-reputable digital record. Also disclosed are systems and methods for using the digital record for secured interaction between the ID holder and a vendor.
The prior art, Chavarria et al (US 2020/0327540), discloses a method for subverting open transmission of personally identifiable information through the use of tokenization includes: receiving a token request from an issuing financial institution; identifying a digital token; mapping the identified digital token to a primary account number; transmitting the identified digital token to the issuing financial institution; receiving a data request from a third party, wherein the data request includes the identified digital token; replacing the identified digital token in the data request with the mapped primary account number; transmitting the data request including the mapped primary account number to the issuing financial institution; receiving a data package including one or more items of personally identifiable information; and forwarding the data package.
The prior art, Amar (US 2020/0311299), discloses a system for storing and managing secure information is disclosed that includes a secure identity and profiling system, which serves as a middleman between a user and an entity requesting personally identifiable information (PII) from the user. The system collects the PII from the user and stores it securely, such as in an alternate blockchain in an encrypted form. The location of the PII within the alternate blockchain may be indexed using smart contracts in a main blockchain that can only be read with an access token generated and supplied by the user's mobile device. When an entity requests PII from the user that has already been collected and securely stored, the user can provide permission to release that PII by providing the access token. The system will use the access token to locate where the PII is stored and release the PII to the requesting entity.
The prior art, Grayson et al (US 2020/0145498), discloses a method including: transmitting a message to a first end point that includes an instruction to initiate a communication type, wherein the communication type includes sharing a randomization token between the first and second end points; obtaining a first communication report from the first end point and a second communication report from the second end point in response to initialization of a communication based on the communication type between the first end point and the second end point across the network, wherein the first and second communication reports respectively include a first and second hash that corresponds to a function of the randomization token and identity information; determining whether the first hash matches the second hash; generating a value that correlates the first and second end points with the communication across the network in response to determining that the first hash matches the second hash.
The prior art, Bouse (US 2017/0148014), discloses a method for generating a token identity for a customer may include: receiving, from the customer, a request for generating the token identity, the request including customer information associated with a digital identification of the customer; obtaining the digital identification of the customer based at least on the customer information included in the received request from the customer; receiving an identifier of the customer; determining that the identifier of the customer matches an identifier specified by the digital identification of the customer; in response to determining that the identifier of the customer matches an identifier specified by the digital identification of the customer, generating a customer identification sequence for the customer; assigning the generated customer identification sequence for the customer to a device identity module configured to the customer device; generating the token identity based at least on assigning the generated customer identification sequence for the customer to the device identity module configured to the customer device; and providing the token identity for output during an electronic transaction on the customer device.
The prior art, Luria (US 2017/0193249), discloses a method that may obtain a connection profile, the connection profile including at least one rule related to at least one PII data element; associate the connection profile with a network connection; receive a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and, based on the rule, perform at least one of: blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit. A system and method may associate the connection profile with a set of connection. A system and method may automatically modify a set of connection profiles based on an event.
However, none of the prior arts of record, either alone or in combination, discloses all the limitations of the independent claim, 21 and 31, including, but not limited to "receiving, by a hardware processor, from an external system, a token associated with personally identifiable information of a user; in response to receiving the token, storing, by the hardware processor, a request to redeem the personally identifiable information of the user; storing, by a device separate from the hardware processor, the personally identifiable information encrypted using a first public encryption key; establishing, by the device, a connection with the hardware processor; after establishing the connection and in response to the request being stored, requesting, by the device, consent from the user to redeem the personally identifiable information; in response to receiving the consent from the user: encrypting, by the device, using a second public encryption key, the personally identifiable information encrypted using the first public encryption key to produce the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and communicating, by the device, the personally identifiable information encrypted using the first public encryption key and the second public encryption key to the hardware processor.” Therefore, independent claims 21 and 31 are allowable over the prior arts of record. Likewise, the associated claims which depend from independent claims 21 and 31 are allowable by virtue of their dependence on the independent claims.
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a). In the instant scenario, a terminal disclaimer should be filed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The prior art, McFraland et al (US ), discloses a method that includes receiving patient-generated event data over a network from a patient device associated with a patient having an active digital therapy prescription for treating an underlying disease or disorder.
The prior art, Peterson et al (US 2019/0109706), discloses multiple, separately administrated computer systems storing slices of the cipher text of a Personally Identifiable Information (PII) data item that is represented by a token.
The prior art, Tabak (US 2019/0108255), discloses a server receives a first query to perform one or more operations on an encrypted database and intercepts the first query. A set of data referenced by the first query is determined to include data that is to be encrypted. Based on metadata, one or more data columns of the data that is to be encrypted are identified as well as an encryption scheme to be applied to each of the data columns.
The prior art, MacCarthy (US 2016/0147945), discloses a method for performing secure checks of details of patient health records stored across multiple healthcare institutions without disclosing identifying details of the patient in transit and without compromising commercial confidentiality. 
The prior art, Gonzales Blanco (US 2017/0132431), discloses allowing accessing data belonging to a certain consumer (for example, data generated when using a certain telecommunications service) by another entity providing services to the user (for example a bank) without sending the personal identification of the consumer. The proposed invention adds more flexibility, saves resources and increases scalability, efficiency and privacy.
The prior art, Lacey (US 2017/0140174), discloses a method of obtaining authorization to release personal information associated with a user includes, at a server system, receiving a request for personal information associated with a user from a third party. The method further includes generating, in a system agnostic widget, a consent request for requesting authorization to release the personal information associated with the user to the third party and transmitting the consent request to a client device of the user via the widget.
The prior art, Fregly (US 2019/0036708), discloses a method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/
Primary Examiner, Art Unit 2436