Office Action Predictor
Application No. 17/232,127

Location Aware User Model That Preserves User Privacy Of Sensor Data Collected By A Smartphone

Non-Final OA §103
Filed
Apr 15, 2021
Examiner
ZARRINEH, SHAHRIAR
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Koa Health Solutions S.L.U.
OA Round
5 (Non-Final)
79%
Grant Probability
Favorable
5-6
OA Rounds
2y 8m
To Grant
86%
With Interview

Examiner Intelligence

79%
Career Allow Rate
341 granted / 433 resolved
Without
With
+7.3%
Interview Lift
avg trend
2y 8m
Avg Prosecution
58 pending
491
Total Applications
career history

Statute-Specific Performance

§101
7.4%
-32.6% vs TC avg
§103
52.0%
+12.0% vs TC avg
§102
12.0%
-28.0% vs TC avg
§112
16.3%
-23.7% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 11/21/2025. Claims 1-12 are cancelled. Claims 12, 15, and 26 are amended. Claims 13-32 are pending in this examination. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 17/232,127. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. Examiner Note AMENDMENTS TO THE SPECIFICATION: Please amend the Title as follows: Anonymized Location Aware User Model That Preserves User Privacy of Sensor Data Collected by A Smartphone. Examiner encourages Application to make all the independent claims with similar limitations and encourages Applicant to review the relevant references mentioned at the conclusion section of this office action. Response to Argument Applicant’s arguments with respect to independent claims for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 13-20, 23-29, and 32-33 are rejected under 35 U.S.C. 103 as being unpatentable over “Pervasive Computing (7th international conference, pervasive 2009. Nara, Japon. May 2009, 421 pages (Book)/ On the Anonymity of Home/Work Location Pairs Philippe Golle and Kurt Partridge Palo Alto Research Center {pgolle, kurt}@parc.com pages 404-411”, hereinafter “Golle”,and in view of (US2016/0381507) issued to Bai, and in view of Grokop (US2013/0273941, and in view of Broadstone (US2012/0331561), and further in view of Zang (US8639221. Regarding claim 13, Golle discloses a method for providing an anonymized location aware user model that preserves user privacy, the method comprising [ Page 39, Trip Simulations for privacy, some location-based services require users to transmit location from their mobile device to a central server. These transmissions can be user-initiated and sporadic, such as a query to find nearby restaurants. Other location transmissions can be periodic and relatively frequent, like those querying for alerts about nearby friends, events, and advertising. These location transmissions and the responses from the server could be compromised by an attacker, resulting in a potentially sensitive privacy leak. One approach to bolstering privacy is to anonymize the location transmissions by stripping away any identifying information. The server often still requires a pseudonym, however, in order to know how to respond and to whom. It has been shown in [6] that an attacker can find a person’s home even with pseudonomized GPS tracks, and [10] shows how such an attack can go further and find the actual name of the victim based on publicly available street address listings. Even using completely anonymized tracks, with no pseudonym, [4] has shown how to find which location points belong together in the same track, effectively creating a pseudonym for each trip. Another commonly proposed technique for improving location privacy is obfuscation. This approach degrades the transmitted location in some way that reduces the chance that an attacker can find the potential victim’s true location. Obfuscation techniques include inaccuracy and imprecision, introduced for location privacy in [1]. Inaccuracy can be achieved by adding random noise to location measurements, and 26 J. Krumm imprecision can be achieved by snapping measurements to a grid…], and [Page 404-408, 1 Introduction Location-based services offer valuable applications to mobile users. To receive these services, users must disclose their location to service providers. This raises privacy concerns [6]. Location records, when analyzed, can reveal sensitive facts about an individual, such as business connections, political affiliations or medical conditions. Misuse of location data can lead to damaged reputation, harassment, mugging, as well as attacks on an individual’s home, friends or relatives…To minimize privacy concerns, the best practice is to collect the minimum amount of information needed. For location-based services, this principle of minimal collection typically means collecting anonymous or pseudonymous location data…We adopt a strong definition of privacy based on the concept of an anonymity set. The anonymity set associated with a location trace is the set of people from whom this trace may have been collected, given all information known to the data collector…Intentional degradation of location information quality, or obfuscation, is a well-known technique for preserving the anonymity, or pseudonymity, of location traces [2,3], but the question of how much obfuscation is required to preserve anonymity is often sidestepped. Our paper answers this question for location traces from which home and workplace locations can be deduced…Model of privacy. For the sake of example, assume that a subject is the only person in the U.S. who lives in a certain region A and works in a certain region B. The subject’s location trace is the only one with the home/workplace pair (A, B). It does not necessarily follow that the trace can be linked to the subject, as there may be no directory that links the pair (A, B) with the subject’s identity. But since the datasets that an adversary may use to re-identify location traces are not known a-priori, it is best to make the most conservative assumptions about them. Accordingly, we assume that if a unique link exists, it will be discovered. Our measure of privacy is the set of all people associated with the pair (A, B), called the anonymity set [8] of the pair. The larger the anonymity set, the larger the crowd one is indistinguishable from, and consequently the better the privacy protection one enjoys. Enlarging the regions, A and/or B (e.g., via location obfuscation) increases the size of the anonymity set, and thus the quality of privacy protection. The rest of this paper analyzes the size of the anonymity set of home/workplace location pairs for different region sizes, based on the census data described in the next section. …In this section, we study the size of the anonymity set for workers who reveal where they live and where they work at various degrees of granularity (census block, census tract, or county). The knowledge of home and work locations at the census block granularity is information that could be learned from a lightly obfuscated location trace (with noise or rounding on the order of a city block or less). With more obfuscation (on the order of a kilometer or so), a location trace would reveal only the census tract where the person lives and works. Heavy obfuscation (on the order of tens of kilometers) may only allow for inference of the county or counties where a person lives and works…], and wherein the location aware user model provides a recommendation to the user via the mobile computing device, and wherein the recommendation recommends that the user takes an action based on the sensor data and the associated heatspots [ Pages 404-407, Introduction, Location-based services offer valuable applications to mobile users. To receive these services, users must disclose their location to service providers. This raises privacy concerns [6]. Location records, when analyzed, can reveal sensitive facts about an individual, such as business connections, political affiliations or medical conditions. Misuse of location data can lead to damaged reputation, harassment, mugging, as well as attacks on an individual’s home, friends or relatives… To minimize privacy concerns, the best practice is to collect the minimum amount of information needed. For location-based services, this principle of minimal collection typically means collecting anonymous or pseudonymous location data [2]. A restaurant recommendation service, for example, can give adequate recommendations based on locations reported anonymously, or under a pseudonym linked to a profile of dining preferences…From a technical point of view, location traces can be On the Anonymity of Home/Work Location Pairs 393 anonymized or pseudonymized with help from a trusted network proxy. Mobile subscribers, for example, may trust their network provider to forward their location data anonymously to third party location-based service providers]. Examiner comment: the trusted network proxy accrues the users of the of the trusted service provider and users can take an action of providing Anonymity of Home/Work Location Pairs anonymized and suggest users to provide their location data anonymously to service provider. Golle does not explicitly disclose; however, BAI discloses: provides a recommendation to the user via the mobile computing device, and wherein the recommendation recommends that the user takes an action based on a wellness analysis [¶6, According to another embodiment of the present invention a mobile device disposable to be carried by a user from first to second locations and to thereby traverse cellular areas is provided and includes a networking unit, a processing unit and a storage unit having medical data and executable instructions stored thereon. When executed, the executable instructions cause the processing unit to execute a method including generating first data identifying traversed cellular areas and time spent by the mobile device in each, generating second data identifying the first and second locations as well as time spent by the mobile device in each and performing a wellness analysis of the user based on the medical data and the first and second data. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Golle, with the teaching of Bai in order to provide perform wellness analysis of the user based on the medical data , traversed cellular areas, and data identifying the first and second locations[ Bai, ¶6]. Bai does not explicitly disclose collecting, by a sensor capture module of a mobile computing device of a user, sensor data from a plurality of sensors installed on the mobile computing device while Golle discloses this limitation as: [Page 73, Introduction, 1. Introduction Mobile phones provide users with highly portable and connected computing devices. Moreover, the trend towards increased performance and inclusion of new sensors such as GPS and cameras in mobile phones make them a compelling platform for location-based services. Furthermore Grokop discloses this limitations as: [¶¶4-7, An example of a method of generating demographic statistics related to an event according to the disclosure includes using sensor data acquired at a mobile device to estimate a value for a category of a demographic model of a user of the mobile device; using sensor data acquired at the mobile device to detect an occurrence of the event in which the user of the mobile device participates; and associating the estimated value for the category of the demographic model of the user of the mobile device with the event. Embodiments of such a method may include one or more of the following features. The event includes consuming a media program. The media program is a television program. The event includes attending or participating in a live gathering of participants. The event includes being present at a geographic location. The occurrence of the event is detected using sensor data from one or more of a microphones, a GPS receiver, an accelerometer, a light sensor, a magnetometer, a gyroscope, a proximity sensor, a camera, a barometric pressure sensor, a temperature sensor, a capacitive touch sensor, a Wi-Fi detector, and a Bluetooth.TM. detector. At least one of estimation of the value and detection of the occurrence of the event also uses user content data including usage information from one or more of email content, calendar content, SMS text message content, social networks, and a contact list. The demographic model includes one or more of the following categories: age, gender, race, location, occupation, income, activity level, commute information, height, languages spoken, locations visited, and environments encountered. Using sensor data to estimate the value for the category of the demographic model of the user of the mobile device further includes assigning a confidence measure to the estimated value for the category. The method further includes updating an estimate of a value for a category of the demographic model based at least in part on detecting the occurrence of the event. The method is performed at a server in communication with the mobile device. An example of a system for generating demographic statistics related to an event includes a mobile device configured to: collect sensor data available at the mobile device; use at least some of the sensor data to estimate a value for a category of a demographic model of a user of the mobile device; transmit the estimated value for the category of the demographic model of the user to a server; use at least some of the sensor data to detect an occurrence of the event in which the user of the mobile device participates; and transmit information about the occurrence of the event to the server; and the server configured to: receive the estimated value for the category of the demographic model of the user from the mobile device; receive the information about the occurrence of the event from the mobile device… The mobile device is configured to collect the sensor data as sensor data from one or more of a microphone, a GPS receiver, an accelerometer, a light sensor, a magnetometer, a gyroscope, a proximity sensor, a camera, a barometric pressure sensor, a temperature sensor, a capacitive touch sensor, a Wi-Fi detector, and a Bluetooth.TM. detector. The mobile device is configured to collect user content data including usage information from one or more of email content, calendar content, SMS text message content, social networks, and a contact list; and at least one of estimation of the value and detection of the occurrence of the event also uses the user content data.], and [¶54, The anonymity of the user may be maintained in various ways and to various degrees. Near one extreme, the actual value for each category of the demographic model can be reported to the context assistance server 140, except for the user's name. Near the other extreme, the value for each category of the demographic model can be quantized into a small number of bins. For example, if a home location category is used in the demographic model, at one extreme, this can be reported at the level of exact street address (i.e., the actual or raw value for the category), and at the other extreme, this can be reported at the level of the country (i.e., where the value bins are the countries). The user may be given the option to select a level of anonymity. Alternatively, or in addition, a default option for the level of anonymity may be automatically selected but, may be overwritten by the user's anonymity]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Golle, and Bai by incorporating “demographic statistics”, as taught by Grokop. One could have been motivated to do so in order for acquiring sensor data at a mobile device to estimate a value for a category of a demographic model of a user of the mobile device; using sensor data acquired at the mobile device to detect an occurrence of the event in which the user of the mobile device participates; and associating the estimated value for the category of the demographic model of the user of the mobile device with the event. [ Grokop, Abstract]. Golle, Bai, and Grokop do not explicitly disclose, however, Broadstone discloses: (b) processing the collected sensor data anonymously by associating the collected sensor data with individual heatspots, which represent geographical areas of distinct significance to the user; (c) labeling each of the heatspots with a unique identifier corresponding to one of the geographical areas [¶55, Individual location traces provide enough information to identify the home and workplace of individuals. It has been shown in Golle & Partridge, On the anonymity of home, work location pair (Golle, P.; Partridge, K. On the anonymity of home, work location pairs. Proceedings of the 7th International Conference on Pervasive Computing; 2009 May 11-14; Nara, Japan. Berlin: Springer; 2009; LNCS 5538: 390-397), that having this information, even at the spatial resolution of a Census Block, uniquely identifies individuals], and [¶¶59-60, In broad terms, embodiments of the present invention include a method and systems to build and maintain demographic estimates of mobile device owners while preserving the anonymity and privacy of the individual. This information is then used to establish dynamic or time-varying demographic information related to a location. Through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact. The only thing stored is the set of demographic attributes for the device (the DDP) and for the location (LDP). No latitude or longitude or description of a location that could uniquely identify a particular point on a map is stored in concert with a unique ID], and [ Claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. Examiner comment: As stated by Broadstone Individual location traces provide enough information to identify the home and workplace (equated to geographical areas of distinct significance) of individuals, receiving an estimated geographical location of the mobile device of the user; providing a set of substitute identifiers for a corresponding set of at least one geographical area; assigning one of the sets of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area, and through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Golle, Bai and Grokop, by incorporating “demographic profiling”, as taught by Broadstone. One could have been motivated to do so in order to provide privacy preserving mobile demographic measurement of individuals, groups, and locations over time and space. A method of estimating demographic information associated with a user of a mobile device and/or a location while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user includes receiving an estimated geographical location of the mobile device of the user and receiving a time at which the mobile device was at the estimated geographical location. [ Broadstone, Abstract]. Golle, Bai, Grokop, and Broadstone do not explicitly disclose, however, Zang discloses: (d) generating, by a server, the anonymized location aware user model based on the unique identifiers of heatspots, wherein no information identifying the actual geographic areas in which the sensor data was sensed is transmitted to the server, wherein the unique identifier does not reveal any geographical area [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records (equated to model)], and [ FIG. 4 shows sample event records of mobility data] Furthermore, Broadstone also discloses this limitation as: [¶¶59-60, In broad terms, embodiments of the present invention include a method and systems to build and maintain demographic estimates of mobile device owners while preserving the anonymity and privacy of the individual. This information is then used to establish dynamic or time-varying demographic information related to a location. Through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact. The only thing stored is the set of demographic attributes for the device (the DDP) and for the location (LDP). No latitude or longitude or description of a location that could uniquely identify a particular point on a map is stored in concert with a unique ID], and [ Claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Golle, Bai, and Grokop, and Broadstone by incorporating “event record anonymization (equated to anonymized model)”, by Zang. One could have been motivated to do so in order by eliminating of data of event record, The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device is less likely to be determined [ Zang, Col. 7 lines 29-48, see FIG. 4]. Regarding claim 14, wherein the collected sensor data is selected from the group consisting of: accelerometer data, activity data, data about installed applications on the mobile computing device, data about a battery level of the mobile computing device, data about Bluetooth beacons in a heatspot, call logs, data about the mobile computing device including model, data indicating whether a headset of the mobile computing device is plugged in, internet logs, current lux level, data indicating whether music is playing, ambient noise level, pedometer data, network data about the mobile computing device including roaming, operator, TX/RX data, mobile versus WiFi, airplane mode, data about establishments in the heatspot, data indicating whether a screen of the mobile computing device is on, SMS logs, data indicating activity transitions of the user, and data indicating walking dynamics of the user Bai, and Broadstone, and Zang do not explicitly disclose, however, Golle discloses this limitation as: [Page 73, Introduction, 1. Introduction Mobile phones provide users with highly portable and connected computing devices. Moreover, the trend towards increased performance and inclusion of new sensors such as GPS and cameras in mobile phones make them a compelling platform for location-based services. Furthermore Grokop discloses this limitations as: [¶¶4-7, An example of a method of generating demographic statistics related to an event according to the disclosure includes using sensor data acquired at a mobile device to estimate a value for a category of a demographic model of a user of the mobile device; using sensor data acquired at the mobile device to detect an occurrence of the event in which the user of the mobile device participates; and associating the estimated value for the category of the demographic model of the user of the mobile device with the event. Embodiments of such a method may include one or more of the following features. The event includes consuming a media program. The media program is a television program. The event includes attending or participating in a live gathering of participants. The event includes being present at a geographic location. The occurrence of the event is detected using sensor data from one or more of a microphone, a GPS receiver, an accelerometer, a light sensor, a magnetometer, a gyroscope, a proximity sensor, a camera, a barometric pressure sensor, a temperature sensor, a capacitive touch sensor, a Wi-Fi detector, and a Bluetooth.TM. detector. At least one of estimation of the value and detection of the occurrence of the event also uses user content data including usage information from one or more of email content, calendar content, SMS text message content, social networks, and a contact list. The demographic model includes one or more of the following categories: age, gender, race, location, occupation, income, activity level, commute information, height, languages spoken, locations visited, and environments encountered. Using sensor data to estimate the value for the category of the demographic model of the user of the mobile device further includes assigning a confidence measure to the estimated value for the category. The method further includes updating an estimate of a value for a category of the demographic model based at least in part on detecting the occurrence of the event. The method is performed at a server in communication with the mobile device. An example of a system for generating demographic statistics related to an event includes a mobile device configured to: collect sensor data available at the mobile device; use at least some of the sensor data to estimate a value for a category of a demographic model of a user of the mobile device; transmit the estimated value for the category of the demographic model of the user to a server; use at least some of the sensor data to detect an occurrence of the event in which the user of the mobile device participates; and transmit information about the occurrence of the event to the server; and the server configured to: receive the estimated value for the category of the demographic model of the user from the mobile device; receive the information about the occurrence of the event from the mobile device… The mobile device is configured to collect the sensor data as sensor data from one or more of a microphone, a GPS receiver, an accelerometer, a light sensor, a magnetometer, a gyroscope, a proximity sensor, a camera, a barometric pressure sensor, a temperature sensor, a capacitive touch sensor, a Wi-Fi detector, and a Bluetooth.TM. detector. The mobile device is configured to collect user content data including usage information from one or more of email content, calendar content, SMS text message content, social networks, and a contact list; and at least one of estimation of the value and detection of the occurrence of the event also uses the user content data.], and [¶54, The anonymity of the user may be maintained in various ways and to various degrees. Near one extreme, the actual value for each category of the demographic model can be reported to the context assistance server 140, except for the user's name. Near the other extreme, the value for each category of the demographic model can be quantized into a small number of bins. For example, if a home location category is used in the demographic model, at one extreme, this can be reported at the level of exact street address (i.e., the actual or raw value for the category), and at the other extreme, this can be reported at the level of the country (i.e., where the value bins are the countries). The user may be given the option to select a level of anonymity. Alternatively, or in addition, a default option for the level of anonymity may be automatically selected but, may be overwritten by the user's anonymity]. Regarding claim 15, A method for preserving privacy of sensor data, the method comprising: collecting the sensor data from a plurality of sensors installed on a mobile computing device of a user; grouping the sensor data by a plurality of heatspots in which the sensor data was sensed by the mobile computing device, wherein each of the heatspots represents a geographic area that has a predetermined significance to the user; labeling each of the heatspots with a unique identifier associated with the representing geographic area; and transmitting from the mobile computing device the collected sensor data together with the unique identifier of the heatspot in which the sensor data was sensed, wherein information identifying the actual geographic area in which the sensor data was sensed is not transmitted. This claim interpreted and rejected for the same rational ser forth in claim 1 applying the content of references applied in claim 1. Regarding claim 16, Golle, Bai, Grokop, Broadstone do not explicitly disclose, however, Zang discloses, wherein the transmitting of the collected sensor data together with the unique identifier of the heatspot does not reveal the physical whereabouts of the user [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records]. Regarding claim 17, Golle discloses wherein a first of the plurality of heatspots is t home of the user, and wherein a second of the plurality of heatspots is a workplace of the user (Page 404-408, anonymity set of home/workplace location pairs]. Regarding claim 18, transmitting from the mobile computing device the collected sensor data together with a timestamp indicative of when the sensor data was sensed Golle, Bai, and Grokop, do not explicitly disclose, however, Broadstone discloses [¶55, Individual location traces provide enough information to identify the home and workplace of individuals. It has been shown in Golle & Partridge, On the anonymity of home, work location pair (Golle, P.; Partridge, K. On the anonymity of home, work location pairs. Proceedings of the 7th International Conference on Pervasive Computing; 2009 May 11-14; Nara, Japan. Berlin: Springer; 2009; LNCS 5538: 390-397), that having this information, even at the spatial resolution of a Census Block, uniquely identifies individuals], and [¶¶59-60, In broad terms, embodiments of the present invention include a method and systems to build and maintain demographic estimates of mobile device owners while preserving the anonymity and privacy of the individual. This information is then used to establish dynamic or time-varying demographic information related to a location. Through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact. The only thing stored is the set of demographic attributes for the device (the DDP) and for the location (LDP). No latitude or longitude or description of a location that could uniquely identify a particular point on a map is stored in concert with a unique ID], and [ Claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. Furthermore, Zang discloses: [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records]. Regarding claim 19, further comprising: transmitting from the mobile computing device the collected sensor data together with a timestamp indicative of when the mobile computing device entered the heatspot Golle, Bai, and Grokop, do not explicitly disclose, however, Broadstone discloses [¶55, Individual location traces provide enough information to identify the home and workplace of individuals. It has been shown in Golle & Partridge, On the anonymity of home, work location pair (Golle, P.; Partridge, K. On the anonymity of home, work location pairs. Proceedings of the 7th International Conference on Pervasive Computing; 2009 May 11-14; Nara, Japan. Berlin: Springer; 2009; LNCS 5538: 390-397), that having this information, even at the spatial resolution of a Census Block, uniquely identifies individuals], and [¶¶59-60, In broad terms, embodiments of the present invention include a method and systems to build and maintain demographic estimates of mobile device owners while preserving the anonymity and privacy of the individual. This information is then used to establish dynamic or time-varying demographic information related to a location. Through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact. The only thing stored is the set of demographic attributes for the device (the DDP) and for the location (LDP). No latitude or longitude or description of a location that could uniquely identify a particular point on a map is stored in concert with a unique ID], and [ Claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. Furthermore, Zang discloses: [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records]. Regarding claim 20, Golle discloses providing a recommendation to the user of the mobile computing device that depends on the heatspot in which the sensor data was sensed [ Pages 404-407, Introduction, Location-based services offer valuable applications to mobile users. To receive these services, users must disclose their location to service providers. This raises privacy concerns [6]. Location records, when analyzed, can reveal sensitive facts about an individual, such as business connections, political affiliations or medical conditions. Misuse of location data can lead to damaged reputation, harassment, mugging, as well as attacks on an individual’s home, friends or relatives… To minimize privacy concerns, the best practice is to collect the minimum amount of information needed. For location-based services, this principle of minimal collection typically means collecting anonymous or pseudonymous location data [2]. A restaurant recommendation service, for example, can give adequate recommendations based on locations reported anonymously, or under a pseudonym linked to a profile of dining preferences…From a technical point of view, location traces can be On the Anonymity of Home/Work Location Pairs 393 anonymized or pseudonymized with help from a trusted network proxy. Mobile subscribers, for example, may trust their network provider to forward their location data anonymously to third party location-based service providers] Regarding claim 23, wherein the sensor data is selected from the group consisting of: accelerometer data, pedometer data, data listing Bluetooth beacons identified by the mobile computing device, call logs of the mobile computing device, short message service (SMS) logs, and web surfing history on the mobile computing device This claim is interpreted and rejected for the same rational set forth in claim 14. Regarding claim 24, Golle, Bai, Grokop, Broadstone, do not explicitly disclose, However, Zang discloses wherein the heatspots correspond to geographic areas whose radii range from five meters to a kilometer [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records]. Regarding claim 25, further comprising: generating a location aware user model for the user using the collected sensor data and the unique identifier of the heatspot received from the mobile computing device Golle, Bai, and Grokop, do not explicitly disclose, however, Broadstone discloses [¶55, Individual location traces provide enough information to identify the home and workplace of individuals. It has been shown in Golle & Partridge, On the anonymity of home, work location pair (Golle, P.; Partridge, K. On the anonymity of home, work location pairs. Proceedings of the 7th International Conference on Pervasive Computing; 2009 May 11-14; Nara, Japan. Berlin: Springer; 2009; LNCS 5538: 390-397), that having this information, even at the spatial resolution of a Census Block, uniquely identifies individuals], and [¶¶59-60, In broad terms, embodiments of the present invention include a method and systems to build and maintain demographic estimates of mobile device owners while preserving the anonymity and privacy of the individual. This information is then used to establish dynamic or time-varying demographic information related to a location. Through the use of mobile computing devices in concert with location services, device and location demographic profiles can be computed in a time varying manner without compromising individual privacy. Embodiments of the invention determine a Device Demographic Profile based on where that device goes--the interaction with Location Demographic Profiles and potentially other DDPs the device comes near physically--without storing locations, or any trace that would allow discovery of where the device actually went before or after the fact. The only thing stored is the set of demographic attributes for the device (the DDP) and for the location (LDP). No latitude or longitude or description of a location that could uniquely identify a particular point on a map is stored in concert with a unique ID], and [ Claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. Furthermore, Zang discloses: [ Col. 7 lines 29-48, FIG. 4 also shows a few anonymized event records 442, and 444, which are abstracted event records from event record 432. This different event records 442 and 444 show some ways of anonymizing the data in an event record. Event record 442 may be anonymized by eliminating of data of event record 432. The sector and cell identification have been eliminated, thereby reducing the possibility that one of the frequented locations by the user of communication device 103 is less likely to be determined. This may make it less likely that the user of communication device 103 may be identified from the information found in the event records of that user. Another method of anonymizing the event record of the user of communication device 103 may be to eliminate a time period of various records of that user (not shown). For Example, the event records including the location information of cell 330 and zip code 340 may be eliminated to obscure that location frequented by user C. This may also generally anonymize one or more of the frequented locations of user C, thereby making it more difficult to identify the user C from the event records]. Regarding claim 26, This claim interpreted and rejected for the same rational ser forth in claim 1 applying the content of reference applied in claim 1. Regarding claim 27, wherein a mobile app running on the mobile computing device groups the sensor data by the plurality of heatspots Bai, Broadstone, and Zang do not explicitly disclose, however: Golle discloses this limitation as: [ Page 73, introduction]. Furthermore, Grokop discloses this limitation as: [¶¶4-7, 54]. Regarding claim 28, wherein the mobile computing device transmits to the server the collected sensor data together with a timestamp indicative of when the sensor data was sensed Golle, Bai, and Grokop do not explicitly disclose, however: Broadstone discloses this limitation: [ ¶¶55, 59-60, claim 1]. Furthermore, Zang discloses: [ Col. 7 lines 29-48]. Regarding claim 29, Sibren discloses, wherein the mobile computing device transmits to the server the collected sensor data together with timestamps indicative of when the mobile computing device entered each of the heatspots Golle, Bai, and Grokop do not explicitly disclose, however: Broad stone discloses this limitation: [ ¶¶55, 59-60, claim 1]. Furthermore, Zang discloses: [ Col. 7 lines 29-48]. Regarding claim 32, wherein the sensor data is selected from the group consisting of: location data of the mobile computing device, accelerometer data of the mobile computing device, pedometer data of the mobile computing device, data listing Bluetooth beacons identified by the mobile computing device, call logs of the mobile computing device, short message service (SMS) logs of the mobile computing device, internet history on the mobile computing device, data about applications installed on the mobile computing device, data about a battery level of the mobile computing device, data identifying a model of the mobile computing device, and network data relating to the mobile computing device . Bai, Broadstone, and Zang do not explicitly disclose, however: Golle discloses this limitation as: [ Page 73, introduction]. Furthermore, Grokop discloses this limitation as: [¶¶4-7, 54]. Claims 21-22, and 31 rejected under 35 U.S.C. 103 as being unpatentable over “Pervasive Computing (7th international conference, pervasive 2009. Nara, Japon. May 2009, 421 pages (Book)/ On the Anonymity of Home/Work Location Pairs Philippe Golle and Kurt Partridge Palo Alto Research Center {pgolle, kurt}@parc.com pages 404-411”, hereinafter “Golle”, further in view of (US2016/0381507) issued to Bai, and further in view of Grokop (US2013/0273941, and further in view of Broadstone (US2012/0331561), and further in view of Zang (US8639221), and further in view of Critofaro (US2014/0089049). Regarding claims 21, Golle, Bai, Grokop, Broadstone, Zang do not explicitly disclose, However, Critofaro discloses wherein the unique identifier is obfuscated using a hashing technique, further comprising: receiving onto the mobile computing device an indication of the hashing technique, wherein the unique identifier is transmitted from the mobile computing device after being obfuscated using the hashing technique [¶¶62-63, In some embodiments, each location in the location history may be encrypted, for example with a cryptographic hash, with less granularity than is measured, such that the location history is not readily discerned by inspecting the device, and survey criteria may be evaluated by applying the same cryptographic hash to the location in the criteria to determine whether the hash value matches one in memory. For instance, a zip code of 78703 and time stamp of Sep. 1, 2012 5 PM may be added to the location history by applying a MD5, SHA-0, SHA-1 or other cryptographic hash algorithm to the string "78703 Sep. 1, 2012 5 PM," and storing the resulting value. And in this example, if the user moves to a different zip code of 78701 an hour later, another entry may be added by applying the same hash function to, e.g., 78701 Sep. 1, 2012 6 PM." This technique may be applied by recording location history at a lower level of granularity than latitude and longitude, for example at the level of zip code or by truncating less significant digits from a latitude and longitude of the location measured by the client device. Similar transformations may be performed on timestamps, for example truncating timestamps to individual days, or hours… or example if locations and times in the location history are expressed in encrypted zip codes]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Golle, Bai, Grokop, Broadstone, Zang by incorporating “location encryption in the location history with cryptographic hash”, as taught by Critofaro. One could have been motivated to do so such that the location history is not readily discerned by inspecting the device [ Critofaro, Pages 62]. Regarding claim 22, Golle, Bai, Grokop, Broadstone, Zang do not explicitly disclose, However, Critofaro discloses wherein the unique identifier is encrypted using at least a part of location coordinates associated with the geographic area [¶¶62-63, In some embodiments, each location in the location history may be encrypted, for example with a cryptographic hash, with less granularity than is measured, such that the location history is not readily discerned by inspecting the device, and survey criteria may be evaluated by applying the same cryptographic hash to the location in the criteria to determine whether the hash value matches one in memory. For instance, a zip code of 78703 and time stamp of Sep. 1, 2012 5 PM may be added to the location history by applying a MD5, SHA-0, SHA-1 or other cryptographic hash algorithm to the string "78703 Sep. 1, 2012 5 PM," and storing the resulting value. And in this example, if the user moves to a different zip code of 78701 an hour later, another entry may be added by applying the same hash function to, e.g., 78701 Sep. 1, 2012 6 PM." This technique may be applied by recording location history at a lower level of granularity than latitude and longitude, for example at the level of zip code or by truncating less significant digits from a latitude and longitude of the location measured by the client device. Similar transformations may be performed on timestamps, for example truncating timestamps to individual days, or hours… or example if locations and times in the location history are expressed in encrypted zip codes]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Golle, Bai, Grokop, Broadstone, Zang by incorporating “location encryption in the location history with cryptographic hash”, as taught by Critofaro. One could have been motivated to do so such that the location history is not readily discerned by inspecting the device [ Critofaro, Pages 62]. Regarding claim 31, this claim is interpreted and rejected for the same rational set forth in claim 21. Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over “Pervasive Computing (7th international conference, pervasive 2009. Nara, Japon. May 2009, 421 pages (Book)/ On the Anonymity of Home/Work Location Pairs Philippe Golle and Kurt Partridge Palo Alto Research Center {pgolle, kurt}@parc.com pages 404-411”, hereinafter “Golle”, further in view of (US2016/0381507) issued to Bai, and in view of Grokop (US2013/0273941, and further in view of Broadstone (US2012/0331561), and further in view of Zang (US8639221, further in view of (US9662391) issued to Hyde Regarding claim 30, Golle, Grokop, Broadstone, and Zang do not explicitly disclose, however BAI, and Hyde disclose wherein the recommendation recommends that the user engage in an interactive therapy Hyde discloses [claim 32, implementing, at least partly via the at least one user interface of the smartphone device, at least one interactive digital therapy application to tutor the individual with respect to the at least one of the one or more of the following indications: mood change, impairment of perception or expression of reality, auditory hallucination, paranoid or bizarre delusion, disorganized speech, or disorganized thinking]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Golle, Bai, Grokop, Broadstone, and Zang with the teaching of Hyde in order to provide interactive digital therapy to treat addiction, deep breathing assistant, treat anxiety and etc. for user of the smartphone [ Hyde, claims 32-34, 37]. And furthermore, BAI discloses [¶6, According to another embodiment of the present invention a mobile device disposable to be carried by a user from first to second locations and to thereby traverse cellular areas is provided and includes a networking unit, a processing unit and a storage unit having medical data and executable instructions stored thereon. When executed, the executable instructions cause the processing unit to execute a method including generating first data identifying traversed cellular areas and time spent by the mobile device in each, generating second data identifying the first and second locations as well as time spent by the mobile device in each and performing a wellness analysis of the user based on the medical data and the first and second data. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Golle, Hyde Grokop, Broadstone, and Zang with the teaching of Bai in order to provide perform wellness analysis of the user based on the medical data , traversed cellular areas, and data identifying the first and second locations[ Bai, ¶6]. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. NODA, YUKI(WO2018/101119A1) [ Page 25, FIG. 27 is an explanatory diagram showing an example of a record layout of the address DB 145. The address DB 145 is stored in, for example, the large capacity storage unit 14. The address DB 145 includes an ID column, a zip code column, and an address column. The ID column stores the user ID. The postal code string stores an encrypted version of the user's postal code. The address string stores the encrypted address of the user. A known technique can be used as an algorithm for encrypting the postal code and the address]. Aissi (US20140052999) [ see FIG 3, [0045] With reference to FIG. 3, a more detailed illustration of an exemplary embodiment of a searchable encrypted database 300 is shown. The searchable encrypted database 300 may be configured to store encrypted data records and searchable field indices associated with the encrypted data records. Some possible data fields that may be included in the sensitive data records and searchable field indices are described. The searchable encrypted database 300 may comprise more than one database, and the databases may be in the same location or may be remotely located. In some embodiments, data stored in the searchable encrypted database 300 may include personal information. For example, the searchable encrypted database 300 may comprise a plurality of encrypted data fields such as name field 302, date of birth field 303, primary account number (PAN) field 304, social security number (SSN) field 305, and address field 306. The searchable encrypted database 300 may also include one or more searchable field indices, such as name index 307, day and month of birth index 308, PAN (last 4) index 309, SSN (last 4) index 310, and ZIP code index 311. [0051] Address field 306 may include a user's address (user location). The address may be a mailing address, billing address, residential address, or any other suitable address associated with the user. The address may be represented using a street name and number, geographic coordinates, or any other suitable means. For example, for user jsmith45, address field 306 may comprise "123 Main St, San Francisco, Calif., 94111”. [0052] In various embodiments of the invention, encrypted data fields 301-306 comprising an encrypted data record may be individually or collectively encrypted, such as with a database encryption key. The encrypted data record may be associated with one or more searchable field indices 307-311, as described below. [0057] ZIP code index 311 may include an index comprising a zip code associated with a user. Since the zip code of a user is typically not considered sensitive data, it may be stored in plaintext in the index 311. For example, for a user jsmith45 whose address is "123 Main St, San Francisco, Calif., 94111", the string "94111" may be stored in day zip code index 311 for the user. Thus, a search parameter comprising the zip code "94111" may be used to retrieve an encrypted data record for user jsmith45 from index 311. Fletcher (US2014/0129628) [[0039] Process 400 may also include determining location information associated with the user device (block 420). For example, data server 230 may determine location information associated with the user device based on receiving the communication data from switch 220. In some implementations, the communication data may include a user device ID associated with user device 210. Additionally, the communication data may include the location information (e.g., based on information provided by a global positioning system (GPS) of user device 210 and/or based on location information associated with particular device(s) in wireless service provider network 260 with which user device 210 connects) and may also include a timestamp associated with the location information. [0040] Process 400 may further include generating a virtual ID (block 430). For example, data server 230 may generate a virtual ID associated with the user device ID based on information associated with the user device ID or a user of user device 210. For example, the virtual ID may generated based on a user ID, such as a username, a password, an email address, a personal identification number (PIN), or the like. In some implementations, the virtual ID may correspond to information associated with the user device ID, such as a mobile equipment identifier (MEID), an international mobile equipment identifier (IMEI), a mobile directory number (MDN), an international mobile subscriber identity (IMSI), an electronic serial number (ESN), a universal integrated circuit card (UICC) identifier, a mobile identification number (MIN), a mobile subscriber integrated services digital network (MSISDN) number, a national access identifier (NAI), or the like. In some implementations, the virtual ID may correspond to a combination of a user ID and a user device ID. As described above, the virtual ID may be used to anonymize the user device ID such that anonymized storage 240 may store anonymized location data.].[0023] Data server 230 may include a server device or a collection of server devices. In some implementations, data server 230 may receive user device identifiers, location information, and/or timestamps, associated with communication signals of user device 210. As described above, data server 230 may anonymize location information, associated with a user device ID, by associating the user device ID with a virtual ID. In some implementations, data server 230 may provide anonymized location information to an anonymized storage, such as a storage associated with anonymized storage 240. [0046] Location information field 520 may store location information corresponding to a particular user device 210 associated with the virtual ID stored by virtual ID field 510. In some implementations, information stored by location information field 520 may correspond to information provided by data server 230 relating to location information associated with the particular user device 210 associated with the virtual ID stored by virtual ID field 510. As shown in FIG. 5A, location information field 520 may store location information in the form of longitude and latitude coordinates. Additionally, or alternatively, location information field 520 may store location information in some other form (e.g., a city, a state, a country, a particular area, etc.). As an example, assume that that the user device 210 associated with the virtual ID of 12334ABCD was at the location associated with longitude and latitude coordinates 2.3456, -3.2111. Location information field 520 may store information, such as 2.3456,-3.2111 to identify longitude and latitude coordinates associated with the location of the user device 210 associated with the virtual ID of 12334ABCD.0051] Virtual ID field 560 may store information regarding a virtual ID for a corresponding user device ID when data server 230 generates a virtual ID for user device 210, as described above with respect to process 400. Like virtual ID field 510, virtual ID field 560 may store a virtual ID in the form of a string of characters in any format. In some implementations, virtual ID field 560 may map to a user device ID such that the user device ID may not be received by anonymized storage 240 (e.g., when data server 230 provides anonymized storage 240 with location information associated with user device 210). In an example shown in FIG. 5B, virtual ID field 560 may store the character string 12334ABCD. While a particular format and length of character string stored by virtual ID field 560 is shown in FIG. 5B, in practice, a character string in any format and any length may be stored by virtual ID field 560.[0052] User device ID field 570 may store information regarding a user device ID associated with a particular user device 210 and mapped to a virtual ID stored by virtual ID field 560. In some implementations, user device ID field 570 may store a user device ID relating to an international mobile equipment identifier (IMEI), a telephone number, or some other identifier relating to user device 210. In an example shown in FIG. 5B, user device ID field 570 may store a user device ID of 490154203237515 mapped to the virtual ID of 12334ABCD. While a particular format and length of character string stored by user ID field 570 is shown in FIG. 5B, in practice, a character string in any format and any length may be stored by user ID field 570. Braghin (US2017/0083408) [Abstract, A mechanism is provided for anonymizing sequential and location datasets. Responsive to receiving the sequential and location datasets from an enterprise, the sequential and location datasets are scanned to expose a set of privacy vulnerabilities. A set of privacy constraints P is generated based on the set of discovered privacy vulnerabilities and a set of utility constraints U is identified. The sequential and location datasets is anonymized using the set of privacy constraints P and the set of utility constraints U thereby forming an anonymized dataset. The anonymized dataset is then returned to the enterprise]. Chakra (US9763047) [ Abstract, Approaches presented herein enable servicing a location request for a user device by providing anonymized location data. Specifically, a location request for a user device is received from an application server associated with a location-based/location-tracking application. Based on an application setting option associated with the location-based/location-tracking application, a geographic cell is defined. A set of available participating devices within the geographic cell is identified. A participating device is selected from the set of available participating devices. The location request is routed to the selected participating device, wherein the selected participating device forwards a location of the selected participating device to the application server (53, 55, 58 63)]. Badstieber (US2015/0067881) [0055] In addition, provision may be made for prescribed components of the character strings from original data elements to be retained when ascertaining the anonymized values. By way of example, this allows the anonymized values from data elements stored in the database 11 to be taken as a basis for making statistical evaluations, the results of which are also valid for the real data. Thus, by way of example, provision may be made for the ascertainment of anonymized values of zip codes that personal addresses contain to involve retaining those digits that identify the region (that is to say the first two digits in the five-digit German zip codes, for example). During statistical evaluation of the anonymized data, it is therefore possible to ascertain the (real) distribution of customers over the provided zip code regions, for example, without having to access the real data]. Gurudoss (US2015/0043887)[Abstract, a method and apparatus including the steps of a building information model (BIM) of a security system providing a three-dimensional view of a secured area of the security system including the physical location of any sensors of the security system, an input device of the security system receiving from a user a starting time and ending time of a time interval of interest and a processor of the security system displaying the three-dimensional view of the secured area including a time scale showing the starting time on one end of the time scale and the ending time at an opposing end of the time scale and a respective popup of details for each corresponding sensor of at least some sensors of the security system activated during the time interval of interest, each respective popup graphically connected to the physical location of the corresponding sensor within the three dimensional view]. Stout (US2012/0313780) [ Abstract, A geographical alert system creates an alert for a user-defined geographical area, detects a change to a feature stored in a map-related database, identifies whether the changed feature falls within the user-defined geographical area, and sends a notification to a user when the changed feature of the map-related database falls within the user-defined geographical area]. Broadstone (US2012/0331561) [claim 1. A method of estimating demographic information associated with a user of a mobile device while preserving the privacy of the user based at least in part on a location estimate of the mobile device of the user, the method comprising: (a) receiving an estimated geographical location of the mobile device of the user; (b) receiving a time at which the mobile device was at the estimated geographical location; (c) providing a set of substitute identifiers for a corresponding set of at least one geographical area; (d) assigning one of the set of substitute identifiers for the geographical area corresponding to the geographical location of the mobile device; (e) assigning a substitute identifier for the time at which the mobile device was at the estimated geographical location; (f) providing an association between the substitute identifiers for geographical areas and demographic information corresponding to the substituted geographical area; and (g) estimating demographic information associated with the user of the mobile device based on the assigned substitute identifiers and based on the demographic information associated with the provided set of substitute identifiers]. Ledlie (US8457653) [claim 1. A method comprising processing or facilitating a processing of (1) data, (2) information, or (3) at least one signal, or any combination thereof, based, at least in part, on the following: at least one determination to segment a geographical area into a plurality of discrete areas; at least one determination to record location information associated with a device operating within the geographical area; a processing of the location information to calculate occurrence information of the device with respect to the discrete areas; a processing of the occurrence information to select location-based data to cache at the device; and wherein the processing of the location information further includes adjusting the granularity of the location information based, at least in part, on the plurality of discrete areas, to protect privacy of a user of the device with respect to determining precisely when and where the user of the device is, and wherein the granularity of the location information is adjustable from identification of a precise location within one of the plurality of discrete areas that the device is operating to identification of the geographical area that the device is operating within]. CN 103826199 A [0004] According to one aspect of the invention, claims a mobile device in a geographical fence environment, the mobile device comprising: a sensor module having a sensor for detecting the parameter of the mobile device. and is configured based on detected motion parameter detection moving device, a W1-Fi module is configured when the movement is detected, based on the access point identification information to determine whether the mobile device in a geographic grid area, and a GNSS module configured to when W1-Fi module determines that the mobile device is not in the geographical fence area. determining a position of the mobile device]. Rajkhowa (US2008/0262982) [0021] Referring now to FIG. 4, in the event that a trained psychologist or psychiatrist is not available to participate in a live chat session with a patient, the system can still provide the user with a therapy session using the interactive chat application 30 with AI Bot 22 standing in place for the therapist]. CN 104080081 A [ A Suitable Mobile End Space Anonymization Method of Location Privacy Protection]. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHAHRIAR ZARRINEH/Primary Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Apr 15, 2021
Application Filed
Sep 06, 2023
Non-Final Rejection — §103
Feb 07, 2024
Response Filed
Apr 23, 2024
Final Rejection — §103
Jun 14, 2024
Interview Requested
Jun 25, 2024
Response after Non-Final Action
Jul 31, 2024
Applicant Interview (Telephonic)
Jul 31, 2024
Response after Non-Final Action
Aug 26, 2024
Request for Continued Examination
Aug 29, 2024
Response after Non-Final Action
Nov 28, 2024
Non-Final Rejection — §103
Mar 03, 2025
Response Filed
May 20, 2025
Final Rejection — §103
Nov 21, 2025
Request for Continued Examination
Dec 04, 2025
Response after Non-Final Action
Dec 23, 2025
Non-Final Rejection — §103
Mar 30, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12587392
SECURE COMMUNICATION METHOD AND APPARATUS IN PASSIVE OPTICAL NETWORK
2y 5m to grant Granted Mar 24, 2026
Patent 12549527
MULTI-FACTOR AUTHENTICATION OF CLOUD-MANAGED SERVICES
2y 5m to grant Granted Feb 10, 2026
Patent 12547755
TECHNIQUES FOR SECURELY EXECUTING ATTESTED CODE IN A COLLABORATIVE ENVIRONMENT
2y 5m to grant Granted Feb 10, 2026
Patent 12543044
SYSTEMS AND METHODS OF AUTOMATIC OUT-OF-BAND (OOB) RESTRICTED CELLULAR CONNECTIVITY FOR SET UP PROVISIONING OF MANAGED CLIENT INFORMATION HANDLING SYSTEMS
2y 5m to grant Granted Feb 03, 2026
Patent 12511435
DEVICE AND METHOD FOR ENFORCING A DATA POLICY
2y 5m to grant Granted Dec 30, 2025

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
79%
Grant Probability
86%
With Interview (+7.3%)
2y 8m
Median Time to Grant
High
PTA Risk
Based on 433 resolved cases by this examiner