DETAILED ACTION
This Action is in consideration of the Applicant’s response on August 14, 2025. Claims 1 – 5, 8 – 15, and 18 – 20 are amended by the Applicant. Claims 1 – 20, where Claims 1 and 11 are in independent form, are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed August 14, 2025 have been fully considered but they are moot based on the new grounds of rejection necessitated by amendment.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1 – 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
1. Regarding Claims 1 and 11, the claims recite the limitations “user interaction data” and “event data” which is claimed to be a narrower limitation of user interaction data (wherein the user interaction data includes event data). The claim(s) are considered indefinite because there is a question or doubt as to whether the element “event data” is (a) merely exemplary of the remainder of user interaction data, and therefore not required, or (b) a required feature of the claims. If “event data” is required to be a feature of “user interaction data,” then “user interaction data” may include additional data and “event data.” However, the specification describes the two elements as the same data [See PGPub. 2023/0086581; Para. 0026].
2. Regarding Claims 2 – 10 and 12 – 20, the claims are rejected based on their dependency of Claims 1 and 11 and under the same rationale.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over PGPub. 2019/0297079 (hereinafter “Delcourt”), in view of PGPub. 2021/0350021 (hereinafter “Wang”).
3. Regarding Claims 1 and 11, Delcourt discloses an edge computing device within a content delivery network for providing user interaction data to third-party services in a privacy compliant manner [Abstract; Figs. 10 and 11; Para. 0029], the edge computing device comprising:
one or more processors [Fig. 11; Para. 0132]; and
a non-transitory computer-readable memory coupled to the one or more processors and storing instructions thereon that, when executed by the one or more processors [Fig. 11; Para. 0132, 0136], cause the one or more processors to:
receive, from a client device proximate to the edge computing device, user interaction data generated based on user interactions with web or application content provided by a host web or application server different from the edge computing device, wherein the user interaction data includes event data [Figs. 1-4; Para. 0029, 0053, 0055-57; reverse proxy server obtains user attempt to login using a user credential; proxy server proxies information between the host web or application server and client device];
store user biographical information [Para. 0010, 0055, 0070, 0073; reverse proxy server exchanges messages with the client device and obtains credential information and metadata regarding the use of the credential, such as time, location, etc.];
perform a consent validation of the user interaction data
and
Delcourt, however, does not specifically disclose of performing a consent validation of the user interaction data with respect to at least one third-party service different from the host web or application server, associating the user interaction data with the user biographical information, and in response to determining that the user interaction data passes the consent validation with respect to the third-party service, provide the user interaction data with the user biographical information to the third-party service.
Wang discloses a system and method for sharing user data with a third-party component provider [Abstract]. Wang further discloses that when a client device accesses content from a web server, third-party cookies can also be stored on the client device that can be used to storing stateful information, recording browsing activity, and authenticating users [Para. 0032-33]. Wang also discloses that when the client device loads content from the web server, it can request additional information to be retrieved from the digital component distribution system, which can also store the third-party cookie on the client device (associating the user interaction data with the user biographical information,) [Para. 0039]. Additionally, Wang discloses that the user can provide consent settings that indicate what type of user data can be provided to which third-party digital component providers (performing a consent validation of the user interaction data with respect to at least one third-party service different from the host web or application server and in response to determining that the user interaction data passes the consent validation with respect to the third-party service, provide the user interaction data with the user biographical information to the third-party service) [Para. 0041-42, 0083-86].
It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Wang with Delcourt since both systems monitor and regulate what user data can be accessed by servers based on user preferences. The combination would enable the Delcourt system to also identify and restrict the type of user data that is accessible to third-party entities when generating web content. The motivation to do so is to provide more user control of which entities can access which types of user data for improved user customization and security [Wang; Para. 0024].
4. Regarding Claims 2 and 12, Delcourt, in view of Wang, discloses the limitations of Claims 1 and 11. Delcourt further discloses that performing a consent validation of the user interaction data includes:
obtaining location information for the client device [Para. 0010, 0064, 0088; location of the requesting device];
applying state compliance requirements to the user interaction data based on the location information [Para. 0040, 0045, 0050; rules based on source or destination country]; and
determining whether the user interaction data can be provided to the third-party service based on the state compliance requirements [Para. 0040, 0045, 0066, 0070; rules based on source or destination country].
5. Regarding Claims 3 and 13, Delcourt, in view of Wang, discloses the limitations of Claims 1 and 11. Wang further discloses that performing a consent validation of the user interaction data [Para. 0041-42, 0083-86] includes:
obtaining one or more permissions from the client device [Para. 0072-76; consent element also sent from client device]; and
determining whether the user interaction data can be provided to the third-party service based on the one or more permissions obtained from the client device [Para. 0041-42, 0072-76; consent elements indicate restrictions/permissions for user data and for which third-party entity].
6. Regarding Claims 4 and 14, Delcourt, in view of Wang, discloses the limitations of Claims 3 and 13. Wang further discloses that at least one of the permissions indicates third-party services permitted to receive the user interaction data [Para. 0041-42, 0072-76; consent elements indicate restrictions/permissions for user data and for which third-party entity].
7. Regarding Claims 5 and 15, Delcourt, in view of Wang, discloses the limitations of Claims 1 and 11. Wang discloses of generating a user identifier for a user, providing the user identifier to the client device, wherein the user identifier is stored at the client device, and receiving the user identifier with the user interaction data [Para. 0032-36, 0086; user ID and user’s third-party cookie].
8. Regarding Claims 6 and 16, Delcourt, in view of Wang, discloses the limitations of Claims 5 and 15. Wang further discloses that the client device determines that the user identifier is from an authorized domain [Para. 0032-36, 0086; user ID and user’s third-party cookie], such that the user identifier is a persistent user identifier that the client device continuously stores in response to determining that the persistent user identifier is from the authorized domain [Para. 0032-36, 0086; user ID and user’s third-party cookie], and wherein the client device provides the persistent user identifier to the edge computing device each time the client devices accesses a website or application provided by the host web or application server [Para. 0032-36, 0086; user ID and user’s third-party cookie].
9. Regarding Claims 7 and 17, Delcourt, in view of Wang, discloses the limitations of Claims 5 and 15. Wang further discloses of providing the user identifier to the third-party service [Para. 0086; user ID and user’s third-party cookie].
10. Regarding Claims 8 and 18, Delcourt, in view of Wang, discloses the limitations of Claims 5 and 15. Wang further discloses of:
obtaining, at the edge computing device from the third-party service, a specific user identifier for the third-party service [Para. 0041-42, 0053-54, 0072-76; third-party cookies registered by third-party entities];
storing, by the edge computing device, a mapping of the user identifier to the specific user identifier for the third-party service [Para. 0041-42, 0053-54, 0072-76; third-party cookies registered by third-party entities]; and
in response to determining that the user interaction data passes the consent validation with respect to the third-party service, providing, by the edge computing device, the specific user identifier to the third-party service [Para. 0041-42, 0053-54, 0072-76; consent elements indicate restrictions/permissions for user data and for which third-party entity].
11. Regarding Claims 9 and 19, Delcourt, in view of Wang, discloses the limitations of Claims 1 and 11. Wang further discloses that the user interaction data passes the consent validation in a first instance [Para. 0041-42, 0053-54, 0072-76; user consent settings allow access to user data for the particular third-party entity], and further comprising:
in a second instance [Para. 0041-42, 0053-54, 0072-76; subsequent activity and/or time]:
in response to determining that the user interaction data does not pass the consent validation with respect to the third-party service, preventing, by the edge computing device, the user interaction data from being provided to the third-party service [Para. 0041-42, 0053-54, 0072-76; access can be denied based on expiration of consent].
12. Regarding Claims 10 and 20, Delcourt, in view of Wang, discloses the limitations of Claims 1 and 11. Wang further discloses of:
receiving, by the edge computing device, a request to add a new third-party service [Para. 0041-42, 0053-54, 0072-76; create new consent setting for new third-party];
in response to receiving the request, performing the consent validation of the user interaction data with respect to the new third-party service [Para. 0041-42, 0053-54, 0072-76; consent elements indicate restrictions/permissions for user data and for which third-party entity]; and
in response to determining that the user interaction data passes the consent validation with respect to the new third-party service, providing, by the edge computing device, the user interaction data to the new third-party service [Para. 0041-42, 0053-54, 0072-76; consent elements indicate restrictions/permissions for user data and for which third-party entity].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PGPub. 2021/0064777; PGPub. 2021/0392136; PGPub. 2021/0374281.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979. The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624. The fax phone number for submitting all Official communications is (703) 872-9306. The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496