Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims status
This action is in response to claims filed on 03/19/2026.
Claims 1-20 are pending and rejected; Claims 1, 8 and 15 are independent claims.
Response to Arguments
Applicant’s arguments with respect to claim(s) filed on 03/19/2026 have been considered but they are not persuasive.
With respect to applicant’s argument: Wasicek is silent about the limitation “searching, by the one or more computer processors subsequent to the transmitting of the second form, resources for the synthetic input, wherein the resources comprise outbound data packets transmitted over a network by the local system, wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data ”
Examiner respectfully disagree with applicant argument for the following reasons: Wasicek discloses (see Wasicek Fig. 6, blocks 602-610 and ¶¶57-63, generation of synthetic fingerprint PII, provision synthetic fingerprint PII on form and monitor occurrence of fingerprint in 3rd party database [i.e. monitoring/searching subsequent to the transmitting of the second form, resources for the synthetic input]; ¶60, At block 606, the fingerprinted synthetic PII can be supplied on a web form and provided to a service application [i.e. wherein the resources comprise outbound data packets transmitted over a network by the local system]; ¶61, At block 608, the synthetic PII generator can store the fingerprinted PII. In some embodiments, a tuple may be stored along with the fingerprinted synthetic PII. The tuple can comprise {fake user ID, timestamp, website or other Internet identifier}.¶62-63, a monitoring system can monitor for the occurrence of a fingerprint in PII data obtained from providers of leaked data. The existence of the fingerprint in the leaked data demonstrates that a leak has occurred [i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data]; ¶66, a distributed computing environment, program modules may be located in both local and remote memory storage devices) hence, the monitoring/search is done subsequent to the transmitting/providing PII including fingerprint on the form [i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input]), disclosing the recited claim limitation. In addition and more explicitly, Sobel discloses searching /monitoring outbound information in response to leaving users computer (see Sobel Col. 2 lines 55-59, a searching component 107 for searching outbound network traffic for occurrences of confidential data 111[i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data]).
With respect to applicants argument “Applicant submits that there is no proper motivation to combine the references. Wasicek teaches sending the generated PII to a service application and logging transmissions of the PII including the destinations. Sobel monitors network traffic to maintain a historical record of transmission destinations. There is no need to add the monitoring of Sobel to Wasicek as Wasicek already knows the PII has been sent and where it has been sent Wasicek already has the historical record of sharing the PII. Sobel adds nothing to that.”
Examiner respectfully disagree with applicant argument for the following reasons: The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wasicek et al. US Pub. No.: 2021/0097201 A1 (hereinafter Wasicek) in view of Sobel et al. US Patent No.: 8,214,907 B1 (hereinafter Sobel)
Wasicek teaches:
As to claim 1, a computer implemented method for detecting a data leak (see Wasicek ¶9, detecting and tracking data leaks), the method comprising:
detecting, by one or more computer processors, user input in a first form, the user input satisfying a set of requirements (see Wasicek Fig. 3 ¶¶28 39 60 input data may be the user's source PII corresponding to the fields on the form);
storing, by the one or more computer processors, the user input in a memory (see Wasicek ¶22, service application 130 can store the PII as part of an account 140 associated with the identifier in a service database 128);
generating, by the one or more computer processors, a synthetic input satisfying the set of requirements (see Wasicek Fig. 3, ¶¶29 44 53, the synthetic PII generator uses the supplied parameters, the ML models generated by the MLM 116, and the model characteristics of the source PII to generate synthetic PII having realistic features (e.g., features that are likely to avoid being detected as fake));
transmitting, by the one or more computer processors, a second form including the synthetic input (see Wasicek Fig. 6 and ¶60, the fingerprinted synthetic PII can be supplied on a web form and provided to a service application);
searching, by the one or more computer processors subsequent to the transmitting of the second form, resources for the synthetic input (see Wasicek Fig. 6, blocks 602-610 and ¶¶57-63, generation of synthetic fingerprint PII, provision synthetic fingerprint PII on form and monitor occurrence of fingerprint in 3rd party database [i.e. monitoring/searching subsequent to the transmitting of the second form, resources for the synthetic input]); wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input (see Wasicek ¶61, At block 608, the synthetic PII generator can store the fingerprinted PII. In some embodiments, a tuple may be stored along with the fingerprinted synthetic PII. The tuple can comprise {fake user ID, timestamp, website or other Internet identifier}.¶62-63, a monitoring system can monitor for the occurrence of a fingerprint in PII data obtained from providers of leaked data. The existence of the fingerprint in the leaked data demonstrates that a leak has occurred [i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input]);wherein the synthetic input is uniquely identifiable to distinguish it from other data (see Wasicek ¶61, At block 608, the synthetic PII generator can store the fingerprinted PII. In some embodiments, a tuple may be stored along with the fingerprinted/(uniquely identifiable) synthetic PII. The tuple can comprise {fake user ID, timestamp, website or other Internet identifier}.¶62-63, a monitoring system can monitor for the occurrence of a fingerprint in PII data obtained from providers of leaked data. The existence of the fingerprint in the leaked data demonstrates that a leak has occurred [i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data]
determining, by the one or more computer processors, if the synthetic input is present among the resources according to the search (see Wasicek ¶63, monitoring system can generate an indication that the synthetic PII has been discovered in leaked data in response to detecting the existence of the fingerprint in the leaked data); and
acting, by the one or more computer processors, upon the determination (see Wasicek ¶63, indicator can be provided to a user, a system administrator, or other party to alert the party that the system initially receiving the fingerprinted synthetic PII has experienced a data breach)
Although Wasicek implicitly disclose: wherein the resources comprise outbound data packets transmitted over a network by the local system (see Wasicek ¶60, At block 606, the fingerprinted synthetic PII can be supplied on a web/outbound form and provided to a service application [i.e. wherein the resources comprise outbound data packets transmitted over a network by the local system]; ¶61, At block 608, the synthetic PII generator can store the fingerprinted PII. In some embodiments, a tuple may be stored along with the fingerprinted synthetic PII. The tuple can comprise {fake user ID, timestamp, website or other Internet identifier}.¶62-63, a monitoring system can monitor for the occurrence of a fingerprint in PII data obtained from providers of leaked data. The existence of the fingerprint in the leaked data demonstrates that a leak has occurred [i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data]
Wasicek does not explicitly disclose but the related art Soble teaches:
wherein the resources comprises outbound data packets transmitted over a network by the local system (see Sobel Col. 2 lines 55-59, a searching component 107 for searching outbound network traffic for occurrences of confidential data 111[i.e. wherein the searching is initiated in response to the transmitting of the second form and is configured to detect subsequent unauthorized transmission of the synthetic input, and wherein the synthetic input is uniquely identifiable to distinguish it from other data])
It would have been obvious to one of ordinary skill in the art at the effective filing date of the claimed invention to modify the privacy personas using synthetic personally identifiable information of Wasicek to include the collection of confidential information dissemination statistics as disclosed by Sobel, in order to for searching outbound network traffic for occurrences of confidential data. A person with ordinary skill in the art would have been motivated to apply comprehensive statistical data that can be used for purposes such as damage assessment, trend tracking and profiling of suspected malicious websites (see Sobel Col. 1 lines 61-63).
As to claim 2, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 1, wherein the resources include resources selected from the group consisting of system memory resources, network communication resources, and combinations thereof (see Wasicek ¶66, practiced in distributed computer environments where tasks are performed by I/O remote processing devices that are linked through a communications network [i.e. system memory resources, network communication resources, and combinations thereof])
As to claim 3, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 1, wherein the set of requirements relate to user password requirements (see Wasicek Fig. 3 and ¶¶16 29-30 38, receive personally identifying information (PII) (i.e., password)).
As to claim 4, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 1, further comprising: detecting, by the one or more computer processors, the synthetic input among the resources (see Wasicek ¶20, fake PII detector 120 of MLM 116 can receive the generated synthetic PII and provide an indication of whether the synthetic PII is fake); and
generating, by the one or more computer processors, an alert associated with the synthetic input among the resources (see Wasicek ¶63, indicator can be provided to a user, a system administrator, or other party to alert the party that the system initially receiving the fingerprinted synthetic PII has experienced a data breach)
As to claim 5, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 4, wherein the user input comprises a user password, and further comprising stopping a user authentication process (see Wasicek ¶30, a fake password may be randomly generated to use along with the fake ID. The fake password can be used as further described below to detect breaches; and ¶52, locating potential breaches of webservices can be a practical application of the techniques of the disclosure by allowing a system to warn consumers and implement security and privacy in the event of a data breach [i.e. including stopping user authentication process])
As to claim 6, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 1, further comprising: failing, by the one or more computer processors, to detect the synthetic input among the resources (see Wasicek Fig. 5 ¶56, obtain the data… and analyze the data to determine if any fingerprinted PII appears in the third-party data 508… monitor system 510 may obtain the account data in third-party database 508 and determine that fingerprinted data exists in the database for account. [i.e. if the monitoring system determine that there is no fingerprint/synthetic PII exist, it fails to detect the synthetic input among the resource]); and
sending, by the one or more computer processors, the first form including the user input (see Wasicek Fig. 3 and ¶39, input data may be the user's source PII corresponding to the fields on the form. The source PII can be the user's true PII or the PII of a randomly selected persona; ¶60, the fingerprinted synthetic PII can be supplied on a web form and provided to a service application [i.e. the user input supplied on the web form and provided to a service application is user input] ).
As to claim 7, the combination of Wasicek and Sobel teaches, the computer implemented method according to claim 1, wherein searching local system resources comprises searching memory resources subject to a write command subsequent to sending the first form including the synthetic input (see Wasicek Fig. 1 and ¶53, system environment 100 can include a service application 130, an attacker application 502, third party systems 506, and a monitor service 510. Service application 130 may be a system in which some of the accounts have been created using synthetic PII; ¶66, practiced in distributed computer environments where tasks are performed by I/O remote processing devices that are linked through a communications network [i.e. system memory resources, network communication resources, and combinations thereof])
As to independent claim 8, this claim is directed to a computer program product executing the computer implemented method of claim 1; therefore. it is rejected along similar rationale.
As to independent claim 15, this claim is directed to a computer system executing the computer implemented method of claim 1; therefore, it is rejected along similar rationale.
As to dependent claims 9-14, these claims contain substantially similar subject matter as claims 2-7; therefore, they are rejected along the same rationale.
As to dependent claims 16-20, these claims contain substantially similar subject matter as claims 2-6; therefore, they are rejected along the same rationale.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached at 5712701138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
NEGA . WOLDEMARIAM
Examiner
Art Unit 2407
/NEGA WOLDEMARIAM/ Examiner, Art Unit 2407
/Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 4/22/2026