DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The amendment filed 27 October 2025 has been entered. Applicant amended claims 1 and 14; canceled claims 9-13, 20, and 22-24. Accordingly, claims 1-8, 14-19, 21, and 25 remain pending.
Response to Arguments
Applicant’s arguments, filed 27 October 2025, with respect to the 35 USC 103 rejection(s) of the claim(s) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Hanson et al US 11115410 (hereinafter Hanson), and in further view of Ford et al WO 2014025809 (hereinafter Ford).
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claims 1-8, 14-19, 21, and 25 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention.
Claim 1 recites the amended limitation of “wherein both the client device and the server are owned or controlled by the business entity”. It has been determined that such limitation is new matter because the examiner does not find support for the limitation in the original disclosure. The examiner requests for the Applicant to pinpoint in the specification the teaching that “both the client device and the server are owned or controlled by the business entity”. Paragraph 19 disclose the server may be owned or controlled by the car maker or company that provided the car and client device 102 which differ from the claimed limitation.
Claims 2-8 are rejected to because said claims depend upon rejected claim 1.
Claim 14 recites the amended limitation of “wherein both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company”. It has been determined that such limitation is new matter because the examiner does not find support for the limitation in the original disclosure. The examiner requests for the Applicant to pinpoint in the specification the teaching that “both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company”. Paragraph 19 discloses the server may be owned or controlled by the car maker or company that provided the car and client device 102, which differ from the claim limitation.
Claims 15-19, 21, and 25 are rejected to because said claims depend upon rejected claim 14.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
.
Claims 1-8, 14-19, 21, and 25 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claim 1 recites “…the server owned or controlled by the business entity…”. Downstream service provider is mentioned once in line 2 of claim 1. It is unclear whether the server is the same or different from the downstream service provider in line 2 of the claim 1, or the same as the service provider in lines 19 and 22 of claim 1. The service provider in lines 19 and 22 lack antecedent basis.
Also in claim 1, “owned or controlled” is indefinite language that is not defined or contextualized in the specification. The term “owned” or “controlled” is a non-technical business/organizational relationship that lacks any objective boundaries. Therefore, a person of ordinary skill in the art would not be able to determine with reasonable certainty what conditions constitute “ownership” or “control”, nor how to evaluate whether a server or client device satisfies that limitation.
Claims 2-8 are rejected as being dependent on, and failing to resolve the deficiencies of, rejected independent claim 1
Regarding claim 14, “owned or controlled” is indefinite language that is not defined or contextualized in the specification. The term “owned” or “controlled” is a non-technical business/organizational relationship that lacks any objective boundaries. Therefore, a person of ordinary skill in the art would not be able to determine with reasonable certainty what conditions constitute “ownership” or “control”, nor how to evaluate whether a server or client device satisfies that limitation.
Claims 15-19, 21, and 25 are rejected as being dependent on, and failing to resolve the deficiencies of, rejected independent claim 14.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Hanson et al US 11115410 (hereinafter Hanson), and in further view of Ford et al WO 2014025809 (hereinafter Ford).
Regarding claim 1, Wang teaches a method (Figure 3 show the method and Figure 2 shows the method steps executed in an environment) of fulfilling privacy requests from a client device at a downstream service provider (abstract discloses methods and systems for transmitting/processing requests to control information from multiple content platforms/servers; paragraph 34 reveals that the content platform are service provider(s), thus this entails downstream service provider), the privacy requests generated by a user communicating with the client device comprising:
a) storing data at service provider (paragraph 14 discloses content platform/servers that store information for the user of the client device; paragraph 34 reveals the content platform may be operated by a content platform service provider) and at server;
b) receiving a privacy request at the server (Figure 2, reference number 218 shows a “Request to control information user” is sent from the client/user device, depicted as reference number 102, and the relay server, depicted as reference number 108) and at the [service provider], the privacy request being received at the server from the client device (Figure 2, reference number 218 shows a “Request to control information user” is sent from the client/user device, depicted as reference number 102, and the relay server, depicted as reference number 108, to the content platform service provider, depicted as reference number 106, see also paragraph 76), receipt of the privacy request at server triggering an automatic from the server to the [service provider] (Figure 2 reveals receipt of the privacy request 218 at the service provider 106 is triggered by receipt of the privacy request 216 at the server 108 sent from client device 102 to the server 108. The server handles tasks such as data storage, various fulfilment requests, application executions, and network management that allows for the client device to access resources as a result of a request);
d) fulfilling the privacy request at the [service provider] in response to receipt of the privacy request at the service provider (paragraph 93 describes the fulfillment of the privacy request at the service provider, “the content platform/server determines that it has to perform the request to control information, the content platform/server obtains the type of action to be performed… and performs the appropriate action on the user information stored at the content platform 106”); and
e) transmitting confirmation of fulfillment of the privacy request (Figure 2, reference numbers 220 and 222 “Request fulfilled/not fulfilled”) at the service provider (Figure 2, reference number 106 “Content Platform”; paragraph 34 reveals that the content platform is a service provider) from the service provider (Figure 2, reference number 106 ) to the server (Figure 2, reference number 108 “Relay Server”).
While Wang teaches verifying the trustworthiness of the client device to the device trustworthiness server before fulfilling the privacy request (Figure 3, step 305 “Send a request to verify the trustworthiness of the client device to the device trustworthiness server” and step 310 “Receive, from the device trustworthiness server, data indicating that the client device is trustworthy”), Wang does not teach that the service provider is a voice recognition service provider; storing data at a voice recognition service provider; wherein both the client device and the server are owned or controlled by the business entity; receiving a privacy request at the voice recognition service provider; receipt of the privacy request at the server triggering an automatic forwarding of the privacy request from the server to the voice recognition service provider; authenticating a user of the client device at one or more of the server and the voice recognition service provider; fulfilling the privacy request at the server in response to receipt of the privacy request at the server and the authentication of the user; fulfilling the request at the voice recognition service provider in response to authentication of the user; and transmitting confirmation of the fulfilment of the request at the voice recognition service provider.
Heidari teaches that the service provider is a voice recognition service provider (paragraphs 2 and 24 disclose wherein voice assistance provider include Apple Siri, Amazon Alex, Google Assistant, etc.,); storing data at a voice recognition service provider (paragraph 5 disclose an apparatus comprises a memory to store biometric data; paragraph 24 disclose a particular application is implemented on voice assistance server of the voice assistance service provider (thus application data is stored at the voice assistance service provider), when the voice assistance server receives voice command by a user. Additionally, paragraph 2 disclose the voice assistant providers can be Apple Siri, Amazon Alexa, and Google Assistant which store data/records); receiving a privacy request at a server (paragraph 27 discloses a centralized gateway server receives requests provided by the user. Paragraphs 28 discloses the privacy request can involve securely conduct operations) and at a voice recognition service provider (paragraph 24 discloses the voice command/request spoken by the user may be received by smart speaker device and may be transmitted by smart device to voice assistant service provide. Voice assistant server may identify, based on the voice command/request received from the smart speaker device, a particular application implemented on voice assistant server that may correspond to the voice command. See also paragraph 43), receipt of the privacy request at the voice recognition service provider triggered by receipt of the privacy request sent from the client device to the server provisioning or managing the client device (paragraph 43 discloses user device may initiate process by transmitted a service application request to gateway server. In response to service application request, gateway server may transmit a redirect message/authorization request/ and the service request to the service server. Service server may correspond to voice assistant server); authenticating a user of the client device at one or more of the server provisioning or managing the client device and the voice recognition service provider (paragraph 39 disclose application engine may be configured to authenticate whether a user is authorized to request a particular operation; a secure smart speaker device may provider a confirmation of a successful authentication response to application engine. Additionally, paragraph 40 disclose the application engine may implement a suitable process to obtain authorization from servers. Obtaining authorization from a server may involve obtaining an access token from the server, and subsequently utilizing the access token. Application engine may also obtain an access token from a voice assistant server associated with a smart speaker device of a user, and may utilize the access token to access voice assistant account information of the user via the voice assistant server; see also paragraph 43) ; fulfilling the request at the voice recognition service provider in response to authentication of the user (see claim 14 which recites fulfilling the request via a response requesting a selection of a bank account associated with a first user and providing the response via the first voice assistant service provider to the first user; paragraph 17 disclose fulfilling the request via respective interfaces with respective server applications; paragraph 32 disclose application engine may be configured generally to process request received via user device interfaces and or voice assistance interface and to interact with servers via the interfaces to fulfill the requests. Respective ones of voice assistance interfaces may be configured to interface with respective ones of voice assistant servers. Voice assistant interfaces may include, for example, one or more of: a first voice assistant interface configured to interact with Google Assistant voice assistant applications; a second voice assistant interface configured to interact with Amazon Alexa voice assistant applications…; paragraph 46 disclose once the biometric/voice input provided by the user is authenticated/matches, the user request is transmitted to centralized gateway server to perform the requested operation); and transmitting confirmation of the fulfilment of the request at the voice recognition service provider (paragraph 43 discloses service server…, if authenticated, may provide a response which may include data (money transfer confirmation, etc.) associated with an API resource for performing the requested operation. Paragraph 42 disclose service server may correspond to voice assistant server/provider).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests with Heidari’s voice assistant service provider to provide access to services over a network (paragraph 2 of Heidari) and to provide security features on smart speaker devices of voice assistance providers when performing sensitive operations such as banking operations (paragraph 2 of Heidari).
The combination of Wang in view of Heidari does not teach wherein both the client device and the server are owned or controlled by the business entity; receipt of the privacy request at the server triggering an automatic forwarding of the privacy request from the server to the voice recognition service provider; fulfilling the privacy request at the server provisioning or managing the client device in response to receipt of the privacy request at the server and the authentication of the user.
Efrati teaches fulfilling the privacy request at the server provisioning or managing the client device in response to receipt of the privacy request at the server and the authentication of the user (paragraphs 15-16 and 40-49 disclose the fulfillment center starts the process of fulfilling the request by building a contextual framework for the user request in response to receiving the request; facilitate fulfillment of the user request, and perform a lookup of the dedicated inbound identifier to determine the appropriate service provider) and further teaches fulfilling the privacy request at the service provider in response to receipt of the privacy request at the service provider (paragraphs 27 and 49 disclose service provider, such as car service provider, fulfills the request, upon receiving the processed request); transmitting confirmation of fulfillment of the privacy request (paragraph 49 discloses server provider confirms the fulfillment of the request by responding to the fulfillment center request).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider with Efrati’s teachings of fulfillment center server to provide an improved contextually based fulfillment of communication requests via a telephony-based methodology and preferably incorporating SMS (paragraph 4 of Efrati).
The combination of Wang in view of Heidari and Efrati does not teach wherein both the client device and the server are owned or controlled by the business entity; receipt of the privacy request at the server triggering an automatic forwarding of the privacy request from the server to the voice recognition service provider.
Hanson teaches receipt of the privacy request at the server triggering an automatic forwarding of the privacy request from the server to the voice recognition service provider (column 25, lines 15-40, 52+ disclose the assistant system/server receives a request for information or services. The assistant system may determine based on the intent of the utterance that authentication is needed because request for information or services are private. The assistant system/server sends the request to an authentication server/voice recognition service provider, wherein the request includes the intent/request message. Column 26, lines 17-39 reveals the authentication server sends instructions to the assistant system to prompt the user to confirm their request for information or service. Column 26, lines 28-39 also reveals the authentication server sends instructions to the client system to prompt user to confirm their request for information or services. The authentication server can be the voice recognition service provider because the authentication server includes the text/speech representation of the access request in each of the confirmation request and confirms the audio intent/request for services. Column 22, lines 49-54 disclose the authentication server may be a server of a social networking system, a server of the assistant system, a third party a third-party authentication server of a third-party provider used by third-party agents for user authentication, or other suitable server that performs authentication operations. Column 43, lines 7-15 reveals the assistant system may store particular objects or information associated with the user. Column 45, lines 4-19 and column 1, lines 40-43 reveal the computing device/computing system can perform the steps of the assistant system).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider and Efrati’s teachings of fulfillment center server with Hanson’s teachings of the server forwarding the request to the voice recognition service provider such that the server/assistant system can provide accurate information or services on behalf of a user based on a combination of user input, location awareness, and the ability to access information from a variety of online sources while also managing or data-handling tasks based on online information and events without user initiation or interaction (column 1, lines 21-35 of Hanson).
The combination of Wang in view of Heidari, Efrati, and Hanson does not teach, but Ford teaches wherein both the client device and the server are owned or controlled by the business entity (paragraph 63 discloses the server is controlled by a business entity and the client computing devices are owned and managed by the business entity).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider, Efrati’s teachings of fulfillment center server, and Hanson’s teachings of the server forwarding the request to the voice recognition service provider with Ford’s teachings of the client device and server are both owned and managed by a business entity to improved system and method for securely sharing and managing content that allows for un-sharing of the content in a secure manner. This also further allows the business entity to have complete lifetime control of any content they distribute or provide access to (paragraph 6 of Ford).
As to claim 2, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches wherein the privacy request received in said step b) is a request to delete user data (Wang: paragraph 3 reveals that the request includes a request to delete user’s information).
As to claim 3, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches wherein the privacy request to delete user data is a privacy request to delete all personal data of the user (Wang: paragraph 3 reveals that the request includes a request to delete all user’s information and paragraph 30 discloses the data is PII/personal data of the user).
As to claim 4, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches wherein the privacy request to delete user data is a privacy request to delete all data of the user (Wang: paragraph 3 reveals that the request includes a request to delete all user’s information).
Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Hanson et al US 11115410 (hereinafter Hanson), in further view of Ford et al WO 2014025809 (hereinafter Ford), and in view further of Gropper US 20070192140 (hereinafter Gropper).
As to claim 5, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches all the limitations recited in claim 1 above. The combination of Wang in view of Heidari, Efrati, Hanson, and Ford further teaches wherein the privacy request received in said step b) is a request to port user data (Wang: paragraph 12 reveals the request includes a request to export the user data).
The combination of Wang in view of Heidari, Efrati, Hanson, and Ford does not teach that the data is ported to a second client device.
Gropper teaches that the data is ported to a second client device (Figure 29, reference number 906 reveals that the data is ported from repository device 903 to repository device 907. See paragraph 288 which discloses “… The Sender executes a notification or disclosure request with the service provider for Repository S that allow a service provider to transfer, using mutually agreed and typical standard protocol, copy of private information in Repository S to Repository R that is controlled by and accessible to Recipient”. In addition, paragraph 324 discloses the client maintains a copy of their information on their personal devices ).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wang’s port/export of user data in view of Heidari’s service provider, Efrati’s teachings of fulfillment center server, Hanson’s teachings of the server forwarding the request to the voice recognition service provider, and Ford’s teachings of the client device and server are both owned and managed by a business entity with Gropper’s teachings of porting the data to a second client device such that the service provider can automatically and cost-effectively fulfil security obligations to the parties/users per consent/request received (paragraph 290 of Gropper).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Hanson et al US 11115410 (hereinafter Hanson), in further view of Ford et al WO 2014025809 (hereinafter Ford), in further view of Gropper US 20070192140 (hereinafter Gropper), and in further view of Calder et al US 20120303912 (hereinafter Calder).
As to claim 6, the combination of Wang in view of Heidari, Efrati, Hansen, Ford, and Gropper teaches all the limitations recited in claim 5 above. The combination of Wang in view of Heidari, Efrati, Hanson, Ford, and Gropper further teaches wherein the privacy request to port user data is a privacy request to port personal data of the user (Wang: paragraph 12 reveals the privacy request can include the request to export user data and paragraph 30 discloses the data is PII/personal data of the user).
The combination of Wang in view of Heidari, Efrati, Hanson, Ford, and Gropper does not teach the data to port is all data.
Calder teaches the data to port is all data (paragraph 86 reveals copying/porting all data from one storage unit/location to another storage unit/location. Paragraph 32 reveal the storage units are hardware devices. Figure 3 reveals diagram of storage units that are in different locations ).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wang’s port/export of user data in view Heidari’s service provider, Efrati’s teachings of fulfillment center server, Hanson’s teachings of the server forwarding the request to the voice recognition service provider, Ford’s teachings of the client device and server are both owned and managed by a business entity, and Gropper’s teachings of porting the data to a second client device with Calder’s teachings of porting/transferring all the data to provide bootstrapping which involves rapidly catching up an existing storage account in the second client device to the current state of the primary storage account from another/the servers/device and thus, resolving occasions in which data is lost due to disaster(s) (paragraph 87 of Calder).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Hanson et al US 11115410 (hereinafter Hanson), in further view of Ford et al WO 2014025809 (hereinafter Ford), and in further view of Calder et al US 20120303912 (hereinafter Calder).
As to claim 7, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches all the limitations recited in claim 2 above. The combination of Wang in view of Heidari, Efrati, Hanson, and Ford further teaches wherein the privacy request to port user data is a privacy request to port all data of the user (Wang: paragraph 12 reveals the privacy request can include the request to export user data).
The combination of Wang in view of Heidari, Efrati, Hanson, and Ford does not teach the data to port is all data.
Calder teaches the data to port is all data (paragraph 86 reveals copying/porting all data from one storage unit/location to another storage unit/location. Paragraph 32 reveals the storage units are hardware devices. Figure 3 reveals diagram of storage units that are in different locations).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wang’s port/export of user data in view of Heidari’s service provider, Efrati’s teachings of fulfillment center server, Hanson’s teachings of the server forwarding the request to the voice recognition service provider, and Ford’s teachings of the client device and server are both owned and managed by a business entity with Calder’s teachings of porting/transferring all the data to provide bootstrapping which involves rapidly catching up an existing storage account in the second client device to the current state of the primary storage account from another/the servers/device and thus, resolving occasions in which data is lost due to disaster(s) (paragraph 87 of Calder).
Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Hanson et al US 11115410 (hereinafter Hanson), in further view of Ford et al WO 2014025809 (hereinafter Ford), and in further view of Donovan et al US 20190197217 (hereinafter Donovan).
As to claim 8, the combination of Wang in view of Heidari, Efrati, Hanson, and Ford teaches all the limitations recited in claim 1 above and further teaches wherein said step b) of fulfilling the privacy request comprises the step of posting the privacy request to one or more [ the service providers ] provisioning or managing the client device for the affiliates to fulfill the privacy request and send confirmation to the service provider (Wang: paragraph 76 reveals the request is sent to a select number of domains corresponding to certain content platforms/service providers; Paragraph 113 reveals that it is determined that at least a subset of the plurality of servers perform/fulfill the privacy request. The subset of the plurality of servers can be affiliates. Heidari: paragraph 43 discloses the service server associated with the requested service may correspond to financial institution server, credit card provider, merchant/service server and voice assistant server).
The combination of Wang in view of Heidari, Efrati, Hanson, and Ford does not teach posting the privacy request to one or more affiliates of the service providers for the affiliates to fulfill the privacy request and send confirmation to the service provider.
Donovan teaches posting the privacy request to one or more affiliates of the service providers for the affiliates to fulfill the privacy request and send confirmation to the service provider (paragraphs 50-51 reveal a privacy request pertaining to PII is broadcast to service providers 112 and 114 and third party service providers 104. These third party service providers can be affiliates to the service providers. Paragraph 52 discloses a response/confirmation from the third party service provider 104 is received by the management engine 116, per Figure 1, the management engine is part of the service provider system).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wang’s service providers in view of Heidari’s service provider and Efrati’s teachings of fulfillment center server, Hanson’s teachings of the server forwarding the request to the voice recognition service provider, and Ford’s teachings of the client device and server are both owned and managed by a business entity, to include affiliates service providers as taught by Donavan to ensure the request sent to other services (third party service affiliates) that uses customers’ PII follows data privacy rights and requirements/regulations (paragraphs 11-12 of Donavan).
Claims 14-16, 21, and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al WO 2022046130 (hereinafter Wang), in view of Heidari US 20200045041 (hereinafter Heidari), in further view of Efrati et al US 20190020605 (hereinafter Efrati), in further view of Lee et al US 20200356694 (hereinafter Lee), in further view of Yamashita WO 2018127944 (hereinafter Yamashita), and in further view of Ford et al WO 2014025809 (hereinafter Ford).
As to claim 14, Wang teaches a system (Figure 2 shows the method steps executed in an environment) for fulfilling privacy requests from a client device at a service provider (abstract discloses method and system for transmitting/processing requests to control information from multiple content platforms/servers and paragraph 34 reveals that the content platform is a service provider, thus this entails downstream service provider), comprising:
a memory storage for storing data (Figure 4, reference number 420 “Memory”; paragraph 115), the data including personal information of a user (paragraph 117 reveals storage device provides for mass storage of information; paragraph 30 discloses the information includes PII/personal data of the user); and
one or more processor (Figure 4, reference number 410 “Processor”) configured to execute software code (paragraph 115) to: monitor a server for privacy requests received at the server from the client device (paragraph 80 discloses that the content platform/server determines that the relay server and/or the client device has malfunctioned or is untrustworthy or compromised. The content platform/server verifies the freshness of the request, and the content platform/server validates the request by recalculating the digital digest received in the request (paragraph 38 of Wang describes the relay server receives from a client device a single request to exercise user information). Therefore, the content platform/server monitors/tracks/checks/determines whether the relay server (which receives a privacy request from a client device) has malfunctioned, or is untrustworthy, or is compromised),
receive the privacy request at the service provider (Figure 2, reference number 218 shows a “Request to control information user” is sent from the client/user device to relay server to content platform service provider, see paragraph 76) upon detecting receipt of the privacy request at the server (Figure 2 reveals receipt of the privacy request 218 at the service provider 106 is triggered by receipt of the privacy request 216 at the server 108 sent from client device 102 to the server 108), and
authenticate the [client device ] making the data privacy request (Figure 3, step 305 “Send a request to verify the trustworthiness of the client device to the device trustworthiness server” and step 310 “Receive, from the device trustworthiness server, data indicating that the client device is trustworthy”);
access the memory storage to fulfill the privacy request at the service provider in response to receipt of the privacy request at the service provider (paragraph 93 describes the fulfillment of the privacy request at the service provider, “the content platform/server determines that it has to perform the request to control information, the content platform/server obtains the type of action to be performed,… and performs the appropriate action on the user information stored at the content platform 106”; paragraph 36 reveals that the service provider includes storage).
While Wang teaches verifying the trustworthiness of the client device to the device trustworthiness server before fulfilling the privacy request (Figure 3, step 305 “Send a request to verify the trustworthiness of the client device to the device trustworthiness server” and step 310 “Receive, from the device trustworthiness server, data indicating that the client device is trustworthy”), Wang does not teach a system for fulfilling privacy requests from a client device in an automobile at a voice recognition server; monitor an automobile company server for privacy requests received at the automobile company server from the client device, wherein both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company; receive a request at the voice recognition service provider; authenticate the identity of the natural person making the data request; fulfill the request at the voice recognition service provider in response to receipt of the privacy request at the voice recognition service provider and authentication of the user; the sever is an automobile company server.
Heidari teaches a system for fulfilling requests from a client device at a voice recognition service provider (paragraphs 2 and 24 disclose wherein voice assistance provider include Apple Siri, Amazon Alex, Google Assistant, etc.,) comprising: a memory storage for storing data (paragraph 5 discloses an apparatus comprises a memory to store biometric data; paragraph 24 disclose a particular application is implemented on voice assistance server of the voice assistance service provider, when the voice assistance server receives voice command by a user); receive a request at the voice recognition service provider(claim 2 discloses receiving the first user request indicating the first operation comprise receiving the first user request from a first voice assistant service provider server associated with a first voice assistant service provider); authenticate the identity of the natural person making the data request (paragraph 39 discloses application engine may be configured to authenticate whether a user is authorized to request a particular operation; a secure smart speaker device may provider a confirmation of a successful authentication response to application engine. Additionally, paragraph 40 disclose the application engine may implement a suitable process to obtain authorization from servers. Obtaining authorization from a server may involve obtaining an access token from the server, and subsequently utilizing the access token. Application engine may also obtain an access token from a voice assistant server associated with a smart speaker device of a user, and may utilize the access token to access voice assistant account information of the user via the voice assistant server; see also paragraph 43); fulfill the request at the voice recognition service provider in response to receipt of the privacy request at the voice recognition service provider (paragraph 43 discloses service service/voice assistant server may provide a response associated with the received request upon authenticating the gateway server is authorized to request the operation) and authentication of the user (see claim 14 which recites fulfilling the request via the response requesting a selection of a bank account associated with a first user providing the response via the first voice assistant service provider to the first user; paragraph 17 discloses fulfilling the request via respective interfaces with respective server applications; paragraph 32 discloses application engine may be configured generally to process request received via user device interfaces and or voice assistance interface and to interact with servers via the interfaces to fulfill the requests. Respective ones of voice assistance interfaces may be configured to interface with respective ones of voice assistant servers. Voice assistant interfaces may include, for example, one or more of: a first voice assistant interface configured to interact with Google Assistant voice assistant applications; a second voice assistant interface configured to interact with Amazon Alexa voice assistant applications…; paragraph 46 disclose once the biometric/voice input provided by the user is authenticated/matches, the user request is transmitted to centralized gateway server to perform the requested operation).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests with Heidari’s voice assistant service provider to provide access to services over a network (paragraph 2 of Heidari) and to provide security features on smart speaker devices of voice assistance providers when performing sensitive operations such as banking operations (paragraph 2 of Heidari).
The combination of Wang in view of Heidari does not teach fulfilling privacy request from a client device in an automobile at a voice recognition server; the server is an automobile company server, the automobile having the client device; monitor an automobile company server for privacy requests received at the automobile company server from the client device, wherein both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company.
Efrati teaches fulfilling privacy request from a client device in an automobile at a voice recognition server (paragraph 19 discloses contextually based fulfillment of communication request, wherein the system includes a user device and a natural language format analyzer such as Google Cloud NPL and IBM WATSON. Google Cloud NPL and IBM Watson allow the user to interact with computer using written or spoken language instead of computer language. Paragraph 20 discloses user device can be a mobile computing device. Vehicle computers are a type of mobile computing device); the server is an automobile company server (paragraph 39 reveals the car service is made via the fulfillment center server, the automobile having the client device (paragraph 49 disclose the third party service provider pertains to car service. Paragraph 23 discloses fulfillment center server may be managed by a communication provider such as VoIP service provider. VoIP services are used in automotive. Paragraph 20 discloses user device can be a mobile computing device. Vehicle computers are a type of mobile computing device), and the automobile company server provisioning or managing the automobile client device (paragraphs 49-50 disclose the fulfillment center server is associated with the user device which can be a mobile computing device (vehicle computers are a type of mobile computing devices) and is also associated with a third party service provider that pertains to car service), and monitor an automobile company server for privacy requests received at the automobile company server from the client device (paragraph 25 discloses the system utilizes a messaging interface system of the fulfillment center to monitor/watch for a user request from the user device/mobile computing device), wherein both of the automobile company server and the client device [associated with] the automobile are [managed] by the automobile company (paragraph 49 discloses the automobile company server and the client device in the automobile are managed by the automobile company/fulfillment center. Upon receiving the message that the user intent is confirmed, sends the complete user intent to a third-party service provider capable of fulfilling the request. The fulfillment center may make an API request to a car service, providing the pickup and destination locations. The car service confirms that it can fulfill the request by responding to the fulfillment center's request ).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider with Efrati’s teachings of fulfillment center server to provide an improved contextually based fulfillment of communication requests via a telephony-based methodology and preferably incorporating SMS (paragraph 4 of Efrati).
The combination of Wang in view of Heidari and Efrati does not teach wherein both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company.
Lee teaches wherein the client device in the automobile [is] owned or controlled by the automobile company (paragraph 84 discloses the electronic device is controlled by the rental car company. The rental car is/have the electronic device ).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider and Efrati’s teachings of fulfillment center server with Lee’s rental car company controlling the electronic device to provide improved method of establishing ownership of data while preserving privacy of the data, and establishing authenticity of the data (paragraph 4 of Lee).
The combination of Wang in view of Heidari, Efrati, and Lee does not teach wherein both of the automobile company server and the client device in the automobile are owned or controlled by the automobile company.
Yamashita teaches wherein the automobile company server is owned or controlled by the automobile company (page 14, second paragraph discloses a server managed by the automobile company).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider, Efrati’s teachings of fulfillment center server, and Lee’s rental car company owning/managing an electronic device with Yamashita’s teachings of the automobile company controlling/managing a server to provide higher security for the server database vice having a separate server that is associated with the automobile company (page 10, last paragraph of Yamashita).
The combination of Wang in view of Heidari, Efrati, Lee, and Yamashita does not teach Ford teaches wherein a [client device] and [a server] are owned or controlled by a [business entity] (paragraph 63 discloses the server is controlled by a business entity and the client computing devices are owned and managed by the business entity).
It would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to modify the service provider in Wang’s method of fulfilling privacy requests in view of Heidari’s voice assistant service provider, Efrati’s teachings of fulfillment center server, Lee’s rental car company owning/managing an electronic device, and Yamashita’s teachings of the automobile company controlling/managing a server with Ford’s teachings of the client device and server are both owned and managed by a business entity to improved system and method for securely sharing and managing content that allows for un-sharing of the content in a secure manner. This also further allows the business entity to have complete lifetime control of any content they distribute or provide access to (paragraph 6 of Ford).
As to claim 15, the combination of Wang in view of Heidari, Efrati, Lee, Yamashita and Ford teaches wherein the processor is further configured to transmit confirmation of fulfillment of the privacy request (Wang: Figure 2, reference numbers 220 and 222 “Request fulfilled/not fulfilled”) at the voice recognition service provider (Wang: Figure 2, reference number 106 “Content Platform”; paragraph 34 reveals that the content platform is a service provider. Heidari: paragraph 43 disclose if authenticated, service server/voice assistant server may provide a response such as a confirmation to the gateway server. The gateway server then transmit the conformation response to the user device) from the voice server service provider (Wang: Figure 2, reference number 106. Heidari: paragraph 43 disclose if authenticated, service server/voice assistant server may provide a response such as a confirmation to the gateway server. The gateway server then transmit the conformation response to the user device ) to the server (Wang: Figure 2, reference number 108 “Relay Server”) provisioning or managing the client device (Wang: Figure 2, reference number 102. Heidari: paragraph 43 discloses if authenticated, service server/voice assistant server may provide a response such as a confirmation to the gateway server. The gateway server then transmit the conformation response to the user device). The motivation is similar to the motivation presented in claim 14.
As to claim 16, the combination of Wang in view of Heidari, Efrati, Lee, Yamashita and Ford teaches wherein the received privacy request is a request to delete the personal data of the user stored on the memory storage (Wang: paragraph 3 reveals that the request includes a request to delete all user’s information; paragraph 30 discloses the data is PII/personal data of the user; and paragraph 36 reveals that the service provider includes storage).
As to claim 21, the combination of Wang in view of Heidari, Efrati, Lee, Yamashita and Ford teaches further comprising the step of sending a failure message to the server for transmission to the client device in the event the processor is unable to authenticate the user (Wang: paragraph 69 reveals that