PERSONAL INFORMATION VAULT

§103 §112

Remarks Claims 21-24, 27-34, and 37-40 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/16/2026 has been entered. Claim Interpretation As noted in the previous claim interpretation section, since no specific quotations of statements and disclaimers being rescinded were identified, no statements or disclaimers are rescinded, and all statements and disclaimers remain in full force. Response to Arguments Applicant's arguments filed 1/16/2026 have been fully considered but they are not persuasive. With respect to Applicant’s arguments on pages 9-10 of the response, Grim discloses that the promise is to supply the personal information of the user to the third party at a later time, the metadata further comprising a user-specified access policy for the personal information, and a content addressable snapshot identifier including a cryptographic hash of a snapshot of the personal information and a secret shared between the user and the data repository system, wherein the content addressable snapshot identifier references a version of the personal information stored in the secure storage in Grim’s disclosure of a contract with permissions for a certain expiration/time to live, as well as a hash of the data and/or identifier using a key, such hash comprising a snapshot identifier and used for content based addressing, each hash being associated with a specific version of data since, if the data changes, the hash also changes, for example. Grim also discloses verifying, by the data repository system, that the second request references the content addressable snapshot identifier and conforms to a user defined access policy in Grim’s disclosure of verifying above-described policy and hash, for example, since a hash can be seen as a content addressable identifier. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 21-24, 27-34, and 37-40 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 has been amended to state “the metadata further comprising (i) a user-specified access policy for the personal information, and (ii) a content-addressable snapshot identifier including a cryptographic hash of a snapshot of the personal information and a secret shared between the user and the data repository system, wherein the content-addressable snapshot identifier references a version of the personal information stored in the secure storage”, “verifying, by the data repository system, that the second request references the content-addressable snapshot identifier and conforms to a user-defined access policy” and that the personal information is “associated with the content-addressable snapshot identifier”. The Examiner has scoured the application as originally filed and cannot find basis for this subject matter therein. All independent claims include similar subject matter and are rejected for the same reasons. All dependent claims are rejected at least based on their dependencies. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 21-24, 27-34, and 37-40 are rejected under 35 U.S.C. 103 as being unpatentable over TVHUB (KR20180089186A) in view of Grim (U.S. Patent Application Publication 2006/0085344), Faure (U.S. Patent Application Publication 2009/0327420), and Vogel (U.S. Patent 7,234,160). Regarding Claim 21, TVHUB discloses a computer implemented method for securely communicating personal information comprising: Receiving, by a data repository system, from a user, personal information of the user, the personal information comprises at least one of credit card information, address information, or identification information of the user (Exemplary Citations: for example, Paragraphs 23, 25, 70-89, and associated figures; receiving and storing personal information, for example. Applicant is also directed to the written opinion for PCT/US21/39246 for all rejections of all limitations herein); Storing the personal information in secure storage (Exemplary Citations: for example, Paragraphs 23, 70-89, and associated figures; storing personal information, for example); Receiving, from a third party, a first request for the personal information of the user (Exemplary Citations: for example, Paragraphs 28, 70-89, and associated figures; request, for example); Receiving, by the data repository system, from the user, authentication of the first request for the personal information of the user (Exemplary Citations: for example, Paragraphs 30, 70-89, and associated figures; user allowing access, for example); In response to receiving the authentication, providing, by the data repository system, metadata to the third party comprising a promise between the user and the data repository system for the data repository system to supply the personal information of the user to the third party (Exemplary Citations: for example, Paragraphs 45, 70-89, and associated figures; providing data, for example); and Supplying, at the later time, and upon the second request by the third party, the personal information to the third party (Exemplary Citations: for example, Paragraphs 4, 22, 23, 26-29, 40, 45, 46, 48-50, 52, 55, 64, 66, 74, 79, 81, 82, 88, 91, 92, and associated figures; sending personal information to merchant/service provider for use when the user purchases from merchant/service provider, for example); But does not explicitly disclose that the promise is to supply the personal information of the user to the third party at a later time, the metadata further comprising a user-specified access policy for the personal information, and a content addressable snapshot identifier including a cryptographic hash of a snapshot of the personal information and a secret shared between the user and the data repository system, wherein the content addressable snapshot identifier references a version of the personal information stored in the secure storage, receiving, from the third party, a second request for resolution of the promise, the second request identifying which of the personal information is required to complete the transaction, verifying, by the data repository system, that the second request references the content addressable snapshot identifier and conforms to a user defined access policy, that the personal information is associated with the content addressable snapshot identifier, and receiving, by the data repository system, from the third party, a confirmation of deletion of the personal information by the third party after the transaction is completed by the third party using the personal information of the user. Grim, however, discloses that the promise is to supply the personal information of the user to the third party at a later time, the metadata further comprising a user-specified access policy for the personal information, and a content addressable snapshot identifier including a cryptographic hash of a snapshot of the personal information and a secret shared between the user and the data repository system, wherein the content addressable snapshot identifier references a version of the personal information stored in the secure storage (Exemplary Citations: for example, Figures 1, 11, and associated written description, Paragraphs 39, 69-79, and associated figures; contract with permissions for a certain expiration/time to live, as well as a hash of the data and/or identifier using a key, such hash comprising a snapshot identifier and used for content based addressing, each hash being associated with a specific version of data since, if the data changes, the hash also changes, for example); Receiving, from the third party, a second request for resolution of the promise, the second request identifying which of the personal information is required to complete the transaction (Exemplary Citations: for example, Figures 1, 11, and associated written description, Paragraphs 39, 76-78, and associated figures); Verifying, by the data repository system, that the second request references the content addressable snapshot identifier and conforms to a user defined access policy (Exemplary Citations: for example, Figures 1, 11, and associated written description, Paragraphs 39, 69-79, and associated figures; verifying above-described policy and hash, for example); and Supplying, at the later time, and upon the second request by the third party, the personal information associated with the content addressable snapshot identifier to the third party (Exemplary Citations: for example, Figures 1, 11, and associated written description, Paragraphs 38, 39, 73-78, and associated figures; returning the data to the second party, who is a merchant, upon a request for fulfillment of contract made thereby, for example; deleting account and all information associated with it after expiration, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the timing and notification techniques of Grim into the personal information safe system of TVHUB in order to allow for providing only the required information and/or reduce the dangers of identity theft. Faure, however, discloses receiving, by the data repository system, from the third party, a confirmation of deletion of the personal information by the third party after the transaction is completed by the third party using the personal information of the user (Exemplary Citations: for example, Paragraphs 17, 50, 71, 119, 128-139, and associated figures; confirmation, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the deletion techniques of Faure into the personal information safe system of TVHUB as modified by Grim in order to ensure deletion occurred, safeguard personal data more, and/or increase security in the system. Vogel, however, discloses the promise comprising a secret shared between the user and the data repository system (Exemplary Citations: for example, Column 2, lines 39-56; Column 5, lines 46-59; Column 9, lines 1-20; and associated figures; PIN used to access data of a third party held by a second party by a first party, for example). It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the transfer authorization techniques of Vogel into the personal information safe of TVHUB as modified by Grim and Faure in order to provide additional assurance that a party wants their information accessed by another party via of use secrets, to provide for alternative forms of communicating authorizations, and/or to increase security in the system. Regarding Claim 31, Claim 31 is a system claim that corresponds to method claim 21 and is rejected for the same reasons. Regarding Claim 40, Claim 40 is a medium claim that corresponds to method claim 21 and is rejected for the same reasons. Regarding Claim 22, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 21, in addition, TVHUB discloses that the authentication comprises two factor authentication (Exemplary Citations: for example, Paragraphs 62, 70-89, and associated figures; 2 or more different authentication methods, for example); and Grim discloses that the authentication comprises two factor authentication (Exemplary Citations: for example, Paragraph 38 and associated figures, claim 3 and associated written description and figures). Regarding Claim 32, Claim 32 is a system claim that corresponds to method claim 22 and is rejected for the same reasons. Regarding Claim 23, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 21, in addition, Grim discloses receiving, from the user, a specification of a time limit during which the personal information of the user may be accessed (Exemplary Citations: for example, Paragraphs 64 and associated figures; user sets expiration, for example). Regarding Claim 33, Claim 33 is a system claim that corresponds to method claim 23 and is rejected for the same reasons. Regarding Claim 24, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 21, in addition, TVHUB discloses receiving, from the user, authorization to proceed with supplying the personal information (Exemplary Citations: for example, Paragraphs 30, 70-89, and associated figures); and In response to receiving the authorization, providing the personal information of the user to the third party (Exemplary Citations: for example, Paragraphs 45, 70-89, and associated figures). Regarding Claim 34, Claim 34 is a system claim that corresponds to method claim 24 and is rejected for the same reasons. Regarding Claim 27, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 21, in addition, TVHUB discloses that receiving the authentication from the user further comprises sending, to the user, an alert that the personal information is being requested (Exemplary Citations: for example, Paragraphs 30, 70-89, and associated figures); and Grim discloses the alert comprising which of the personal information is being requested (Exemplary Citations: for example, Figure 11 and associated written description, Paragraph 76 and associated figures). Regarding Claim 37, Claim 37 is a system claim that corresponds to method claim 27 and is rejected for the same reasons. Regarding Claim 28, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 27, in addition, TVHUB discloses that the alert comprises a push notification (Exemplary Citations: for example, Paragraphs 39, 41, 70-89, and associated figures; SMS push authentication, for example); and Grim discloses that the alert comprises a push notification (Exemplary Citations: for example, Abstract, Figure 11 and associated written description, Paragraphs 38, 76, and associated figures; alert being sent, for example). Regarding Claim 38, Claim 38 is a system claim that corresponds to method claim 28 and is rejected for the same reasons. Regarding Claim 29, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 21, in addition, TVHUB discloses associating the personal information of the user with an account reference number for the user (Exemplary Citations: for example, Paragraphs 25, 70-89, and associated figures). Regarding Claim 39, Claim 39 is a system claim that corresponds to method claim 29 and is rejected for the same reasons. Regarding Claim 30, TVHUB as modified by Grim, Faure, and Vogel discloses the method of claim 29, in addition, Grim discloses that the account reference number is utilized by the user in lieu of directly providing the personal information of the user (Exemplary Citations: for example, Paragraph 76 and associated figures). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Jeffrey D. Popham/Primary Examiner, Art Unit 2432