DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 6/3/2026 has been entered.
Response to Amendment
This office action is written in response to an amendment filed on 5/13/2026. As directed by amendment: Claims 1, 4, and 9 were amended. Claims 6 and 11 were cancelled. Claim 14 was newly added. Thus, Claims 1-5, 7-10, and 12-14 are presently pending in this application.
Response to Arguments
Applicant’s arguments with respect to Claims 1-5, 7-10, and 12-14 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-5, 7-10, and 12-14 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding Claim 1, Claim 1 recites “wherein information in the personal identifiable information fields is false information with no indication that the information is false information.” The specification does not teach “wherein information in the personal identifiable information fields is false information with no indication that the information is false information.”
Regarding Claims 2-3, Claims 2-3 are rejected under 35 U.S.C. 112(a) for their dependency on Claim 1.
Regarding Claim 4, Claim 4 recites “returning a result in response to the associating, said result including false information in at least one of the one or more data fields, said result including no indication the false information is false.” The specification does not teach “returning a result in response to the associating, said result including false information in at least one of the one or more data fields, said result including no indication the false information is false.”
Regarding Claims 5 and 7-8, Claims 5 and 7-8 are rejected under 35 U.S.C. 112(a) for their dependency on Claim 4.
Regarding Claim 9, Claim 9 recites “wherein information in the personal identifiable information fields is false information with no indication that the information is false information.” The specification does not teach “wherein information in the personal identifiable information fields is false information with no indication that the information is false information.”
Regarding Claims 10 and 12-14, Claims 10 and 12-14 are rejected under 35 U.S.C. 112(a) for their dependency on Claim 9.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
Claims 1-5, 7-10, and 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Iyer et al (“Iyer”, US 20230077317) in view of Wasicek et al (“Wasicek”, US 20210097201).
Regarding Claim 1, Iyer teaches a data management system including: a processor, said processor coupled to a network (par 25-26);
a data store coupled to the processor, said data store including a plurality of personal identifiable information fields (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71);
a memory device coupled to the processor, said memory device encoded with non-transitory processor-readable instructions directing the processor to perform a method including (par 25-26):
receiving a command from a user, said command operative to operate on the personal identifiable information fields, said command including at least one credential associated with the user (Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71);
associating the credential with one or more personal identifiable information fields to determine which fields are masked, and returning a result in response to the associating (Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The false information is the masked PII information as shown in Fig. 2.).
Iyer does not explicitly teach wherein information in the personal identifiable information fields is false information with no indication that the information is false information.
Wasicek teaches wherein information in the personal identifiable information fields is false information with no indication that the information is false information (par 18; par 20; par 23; The false information has no indication of being false when the fake PII is not determined to be fake.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Iyer with the fake PII information of Wasicek because it allows users to protect their privacy better (Wasicek; par 3).
Regarding Claim 2, Iyer and Wasicek teach the system of claim 1.
Iyer further teaches wherein each data field is associated with a property directing operations on the personal identifiable information (Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The property is the position co-ordinates.).
Regarding Claim 3, Iyer and Wasicek teach the system of claim 1.
Iyer further teaches wherein the credential is a user identifier (Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The user identifier is the credential of the recipient having the highest level of access control. The recipient is trusted and therefore identified by the user’s credential.).
Regarding Claim 4, Iyer teaches a data management system including:
a processor, said processor coupled to a network (par 25-26);
a data store coupled to the processor, said data store including a plurality of personal identifiable information fields (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71);
a memory device coupled to the processor, said memory device encoded with non-transitory processor-readable instructions directing the processor to perform a method including (par 25-26);
receiving a command from a user, said command operative to operate on personal identifiable information, said command including at least one credential associated with the user (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71);
associating the credential with one or more data fields containing personal identifiable information, and returning a result in response to the associating, said result including false information in at least one of the one or more data fields (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The false information is the masked PII information as shown in Fig. 2.).
Iyer does not explicitly teach said result including no indication the false information is false.
Wasicek teaches said result including no indication the false information is false (par 18; par 20; par 23; The false information has no indication of being false when the fake PII is not determined to be fake.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Iyer with the fake PII information of Wasicek because it allows users to protect their privacy better (Wasicek; par 3).
Regarding Claim 5, Iyer and Wasicek teach the system of claim 4.
Iyer further teaches wherein the association determines whether PII is masked or unmasked (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71).
Regarding Claim 7, Claim 7 is rejected with the same reasoning as Claim 2.
Regarding Claim 8, Claim 8 is rejected with the same reasoning as Claim 3.
Regarding Claim 9, Iyer teaches one or more processor readable memory devices encoded with non-transitory processor instructions directing a processor to perform a method including:
receiving a command from a user, said command operative to operate on personal identifiable information, said command including at least one credential associated with the user (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71);
associating the credential with one or more data fields containing personal identifiable information, and returning a result in response to the associating, said result including false information in at least one of the one or more data fields (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The false information is the masked PII information as shown in Fig. 2.).
Iyer does not explicitly teach without indicating the false information is false.
Wasicek teaches without indicating the false information is false (par 18; par 20; par 23; The false information has no indication of being false when the fake PII is not determined to be fake.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Iyer with the fake PII information of Wasicek because it allows users to protect their privacy better (Wasicek; par 3).
Regarding Claim 10, Iyer and Wasicek teach the devices of claim 9.
Iyer further teaches wherein the association determines whether PII is masked or unmasked, wherein masked data is false information (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The false information is the masked PII information as shown in Fig. 2.).
Regarding Claim 12, Claim 12 is rejected with the same reasoning as Claim 2.
Regarding Claim 13, Claim 13 is rejected with the same reasoning as Claim 3.
Regarding Claim 14, Iyer and Wasicek teach the system of claim 1.
Iyer further teaches wherein the false information is in the masked fields (par 25-26; Fig. 2, element 200, par 22; Fig. 5, element 514, par 53; Fig. 11, elements {1108-1120}, par 68-71; The false information is the masked PII information as shown in Fig. 2.).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Adler et al (US 20030014654), Abstract - The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a "yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
Netke et al (US 20220164474), Abstract - An approach for real time, round trip pseudonymization (a.k.a. anonymization or tokenization) of data on the fly, in real time, enabling remote secure processing of sensitive data such as by a cloud service. Sensitive data remains on premises with the client at all times. A user may thus run extensive queries that return sensitive data without noticing that such data was pseudonymized in transit.
Apsingekar et al (US 20220207123), Abstract - When personally identifiable information (PII) is to be stored or updated, a system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user's personal device or updates the PII stored in the user's personal device. The system then retrieves that PII and generates a token representing that PII. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user's actual PIT from the token. In this manner, the security of the PII is improved over conventional systems.
Zabar et al (US 20210176054), Abstract - A method of storing personally identifiable information includes allowing a subject to register with an application, generating private and public encryption keys, requesting and receiving a digital identity from a registrar, validating the personally identifiable information using the digital identity, and storing an encrypted version of the personally identifiable information in a data repository controlled by a subject of the personally identifiable information.
Pae et al (US 20060085443), Abstract - One embodiment of the present invention provides a system that controls access to personally identifiable information (PII) in a database system. During operation, the system receives a request from an application to perform a function which involves accessing information in the database system. In response to the request, the system identifies a purpose that the application has in making request to perform the function. Next, the system uses the purpose to identify a set of attributes in the database system, which are associated with the purpose. The system then determines if any of the identified attributes contain PII. If so, the system enforces access controls while accessing the identified attributes containing PII.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAQIUL AMIN CHOUDHURY whose telephone number is (571)272-2482. The examiner can normally be reached Monday-Friday 7:30 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached at 571-272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RAQIUL A CHOUDHURY/Examiner, Art Unit 2444