INFORMATION PRIVACY PROTECTION METHOD AND APPARATUS, DEVICE, AND STORAGE MEDIUM

§103 §112

DETAILED ACTION 1. This office action is in response to an amendment filed on 12/08/2025. Claim 1-20 are pending and claims 1, 8 and 16 are independent. Each independent claim is amended. Notice of Pre-AIA or AIA Status 2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 3. Applicant’s arguments filed on December 8, 2025, with regarding to the 35 U.S.C. 102 rejections with respect to the independent claims 1, 11 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 4. a. Applicant’s arguments filed on December 8, 2025, with regard to the 35 U.S.C. 112(b) rejection to the claims 3-4 is persuasive. The amendment made to claims 3-4 overcomes the 35 U.S.C. 112(b) rejection set forth in the previous office action. Thus this rejection is withdrawn. However, regarding the 35 U.S.C. 112(b) rejection to each independent claims 1, 8 and 16, applicant’s arguments have been fully considered but are not persuasive. The amendments that were added to each independent claims to overcome this particular rejection introduces languages that appears to be just a definition of a “privacy protection” that doesn’t positively recite that the claimed method actually performs the computation on privacy-protected data. In particular each independent claims 1, 8 and 16 recites the following ambiguous amended limitation: “privacy protection is a security method in which performing privacy protection on data, computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection”. Examiner would like to point out that, the above amended limitation merely defines privacy protection conceptually and doesn’t specifically recite that the claimed method performs computation on privacy-protected data. Therefore, the above amended claim limitation/language introduces ambiguity regarding the scope of the claimed invention. Specifically, it is unclear whether the claim requires computation to be performed on privacy-protected data or whether the above limitation merely defines or describes characteristics of “privacy protection” Thus, the above limitation, does not impose a structural or functional limitation beyond the definition of privacy protection operation and generally considered as “intended use” or “explanatory language” and are treated as “non-limiting” However, if the above claims are amended in such a way that the claim actually “performs privacy protection on data by computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection”, then, examiner would like to point out that, the newly founded prior art US Publication No. 2020/0177366 A1 A1 Han discloses the above amended claim limitation “performing privacy protection on data [Par. 0031, “perform homomorphic encryption on data m …to perform privacy protection] computing the data which has been privacy protected [“para. 0031, “and can even further perform another operation that satisfies additive homomorphism on homomorphic ciphertext c obtained through encryption”] and still being able to obtain the computed data by removing the privacy protection [Para. 0031, “ decrypt homomorphic ciphertext c or an operation result of homomorphic ciphertext c by using private key”]. b. Applicant’s representative further argued that the following amended/underlined claim limitations (bolded and/or underlined) recited in independent claims 1, 8 and 16 aren’t disclosed by the references/prior arts of the record namely by Lee: the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal. The office would like to point out that, the newly founded prior art international application WO 2000/038382 Ura discloses the above limitation. In particular Ura discloses: the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server [See at least abstract, where the gateway server 200/communication network performs privacy protection on request/data from the client device 100/terminal and establish ciphered communication with the content server (300). “wherein a ciphered communication request making unit (101) of a client device (100) sends a request of security of the communication path to a gateway server (200), a ciphered communication control unit (203) of the gateway server (200) sets up ciphered communication with a content server (300) in response to the request”]; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal [Abstract, the gateway server/200 after removing the privacy protection from the data received from the content server by decrypting or deciphering or removing privacy protection, the gateway server/communication network sends the privacy protection removed data to the client terminal. “the content server ciphers data to be transmitted to the client device and sends the ciphered data to the gateway server, the ciphered communication control unit of the gateway server deciphers the data and sends it to the client device”] . 5. Thus, applicant’s arguments filed on December 8, 2025, with regarding to the 35 U.S.C. 102 rejections with respect to the independent claims 1, 8 and 16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 6. Thus, in response to the 35 U.S.C. 102(a)1 rejection set forth in the previous office action, applicant amended at least each independent claim 1, 8 and 16, presumably to overcome the 102 rejection set forth in the previous office action. Since the newly amended claims changed the scope and necessitated new grounds of rejection, Applicant’s arguments are moot. The analysis of the claims under consideration, as amended, follows in the corresponding section below. Claim Rejections- 35 U.S.C. 112 7. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 8. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. The amendments that were added to each independent claims to overcome the 112(b) rejection stills introduces languages that appears to be just a definition of a “privacy protection” that doesn’t positively recite that the claimed method actually performs the computation on privacy-protected data. In particular each independent claims 1, 8 and 16 recites the following amended limitation: “privacy protection is a security method in which performing privacy protection on data, computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection”. Examiner would like to point out that, the above amended limitation merely defines privacy protection conceptually and doesn’t specifically recite that the claimed method performs computation on privacy-protected data. Therefore, the above amended claim limitation/language introduces ambiguity regarding the scope of the claimed invention. Specifically, it is unclear whether the claim requires computation to be performed on privacy-protected data or whether the above limitation merely defines or describes characteristics of “privacy protection” Thus particular limitation, does not impose a structural or functional limitation beyond the definition of privacy protection operation and generally considered as “intended use” or “explanatory language” and are treated as “non-limiting” However, for the purpose of examination, the office assumes that the claims will be amended in such a way that the claim actually “performs privacy protection on data by computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection” instead of merely defines the definition of “privacy protection” Appropriate correction is required. 9. Dependent claims 2-7, 9-15 and 17-20 are rejected likewise under 35 U.S.C. 112(b), second paragraph, as being indefinite since it carries deficiencies of the above parent claims 1, 8 and 16. Claim Rejections - 35 USC § 103 10. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 11. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 12. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, and/or examiner’s clarification. Meaning, text after a limitation in brackets [ ] corresponds to examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore text in brackets [ ] points out explanation how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation] 13. Claims 1-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Soo Bum Lee (herein after referred as Lee) (International Publication No. WO2019/139852A1) (July 18, 2019) (This prior art is provided with the IDS) in view of in view of Han et al (Han) (US Pub. No. 2020/0177366 A1 A1, Pub. Date: Jun 4, 2020) and further in view of Ura et al (Ura) (International application WO2000/038382A1, Pub. Date: 06/29/2000) Examiner Note: The limitation, “privacy protection”/”privacy protection operation” is interpreted as it is defined in claim 5, such as encryption, integrity protection, scrambling, decrypting or descrambling [See claim 5] The following is referring to independent claims 1, 8 and 16: As per independent claim 1, Lee discloses an information privacy protection method performed by a first communications device [See at least figure 7, See UE 302], comprising: sending first information, wherein the first information comprises at least one of the following: first request information, wherein the first request information is used to request to perform a first privacy protection operation on information and/or data related to a terminal [Para. 0086, FIG. 7 is a signaling diagram illustrating exemplary signaling to configure AS and UPF security for a protocol data unit (PDU) session. At 702, a user equipment (UE) 302 may generate and transmit a PDU session establishment request message to a network node (e.g., AMF 310) within a core network via a radio access network (RAN) serving the UE 302. The PDU session establishment request message may include, for example, a request for the UE 302 to establish a PDU session or a data flow within a PDU session with an external data network via an application function (AF) 316 associated with the application provided by the external data network. In some examples, the PDU session establishment request message may further include the access tratum (AS) security capabilities of the UE 302. In some examples, the AS security capabilities of the UE may include a list of security configuration indexes (SCIs) that may be supported by the UE 302 and/or an SCI request indicating a requested SCI to be utilized for the PDU session or data flow (QoS flow) within the PDU session. See para. 0077, The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering)]; capability information of the terminal, wherein the capability information of the terminal is used to indicate that the terminal has a capability of performing privacy protection on information and/or data, or that the terminal has no capability of performing privacy protection on information and/or data [Figure 5 and figure 7, para 0068-0069, 0071-0072 and 0077, 0086, he PDU session establishment request message may include a set of capabilities of the UE 302. In some examples, the set of capabilities may include access stratum (AS) security capabilities of the UE. In other examples, the AS security capabilities and other UE capabilities may be discerned from a UE profile maintained in the core network 306 (e.g., within the AMF 310, SMF 312, and/or PCF 314); the PDU session establishment request message based on the set of capabilities. AS security may include integrity protection, ciphering (encryption), or both integrity protection and ciphering of control plane messages (e.g., RRC messages) or user plane messages (e.g., user plane data) at the PDCP layer]; and privacy protection indication information, wherein the privacy protection indication information is used to indicate that privacy protection has been performed on the information and/or the data related to the terminal, or is used to indicate that no privacy protection has been performed on the information and/or the data related to the terminal [See at least figure 5 and figure 7, Para. 0077-0078, The AS security policy and UPF security policy may be collectively indicated by security configuration information, such as a security configuration index (SCI). The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering). The list of selected security algorithms may further indicate whether a particular security algorithm is optional, mandatory, or not allowed to use for each security type and may further indicate an order of preference of security algorithms for each security type. An example format for various SCIs 500 is illustrated in FIG. 5. Each SCI 500 includes an AS ciphering indicator 502 indicating whether AS ciphering is enabled or disabled, an AS integrity protection indicator 504 indicating whether AS integrity protection is enabled or disabled, a UPF ciphering indicator 506 indicating whether UPF ciphering is enabled or disabled, and a UPF integrity protection 508 indicator indicating whether UPF integrity protection is enabled or disabled.] Lee discloses all the limitation recited in the claim 1 but doesn’t explicitly disclose the following underlined/amended claim limitation: “performing privacy protection on data computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection”. However, Han discloses the above amended claim limitation: In particular Han discloses: “performing privacy protection on data [Par. 0031, “perform homomorphic encryption on data m …to perform privacy protection] computing the data which has been privacy protected [“para. 0031, “and can even further perform another operation that satisfies additive homomorphism on homomorphic ciphertext c obtained through encryption”] and still being able to obtain the computed data by removing the privacy protection [Para. 0031, “ decrypt homomorphic ciphertext c or an operation result of homomorphic ciphertext c by using private key”]. Lee and Han analogous arts and are in the same field of endeavor as they both pertain or directed to protection of data privacy using encryption/decryption. It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement to modify the system of Lee by adding a privacy mechanism such as “performing privacy protection on data computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection” as taught by Han because this would enhance the security of the system by preserving privacy since Homomorphic encryption provides computations to be performed on encrypted data without first having to decrypt it. The resulting computations are left in an encrypted form which, when decrypted, result in an output that is identical to that of the operations performed on the unencrypted data. [See Han, abstract see “Homomorphic encryption” that can be used for privacy-preserving and computation. This allows data to be encrypted and outsourced for processing, all while encrypted]. The combination of Lee and Han doesn’t explicitly disclose the following underlined/amended claim limitation: “the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal. However, Ura discloses the above limitation. In particular Ura discloses: the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server [See at least abstract, where the gateway server 200/communication network performs privacy protection on request/data from the client device 100/terminal and establish ciphered communication with the content server (300). “wherein a ciphered communication request making unit (101) of a client device (100) sends a request of security of the communication path to a gateway server (200), a ciphered communication control unit (203) of the gateway server (200) sets up ciphered communication with a content server (300) in response to the request”]; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal [Abstract, the gateway server/200 after removing the privacy protection from the data received from the content server by decrypting or deciphering or removing privacy protection, the gateway server/communication network sends the privacy protection removed data to the client terminal. “the content server ciphers data to be transmitted to the client device and sends the ciphered data to the gateway server, the ciphered communication control unit of the gateway server deciphers the data and sends it to the client device”] . Lee, Han and Ura analogous arts and are in the same field of endeavor as they all pertain or directed to protection of data privacy using encryption/decryption. It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement to modify the system of Lee and Han by adding a privacy mechanism such as “the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal” as taught by Ura because this would enhance the security of the network structure of the system by managing privacy protection operations for communication between the terminal and the server, thereby improving the security and manageability of data transmission. [See Ura at least Abstract, where the gateway server/200 after removing the privacy protection from the data received from the content server by decrypting or deciphering or removing privacy protection, the gateway server/communication network sends the privacy protection removed data to the client terminal. “the content server ciphers data to be transmitted to the client device and sends the ciphered data to the gateway server, the ciphered communication control unit of the gateway server deciphers the data and sends it to the client device”] . As per independent claim 8, discloses an information privacy protection method performed by a second communications device [See figure 7, para. 0086, (e.g., AMF 310) within a core network via a radio access network (RAN) serving the UE 302], comprising: obtaining first information and/or subscription information related to a first privacy protection operation [Figure 7, para. 0086, he PDU session establishment request message may include, for example, a request for the UE 302 to establish a PDU session or a data flow within a PDU session with an external data network via an application function (AF) 316 associated with the application provided by the external data network]; and determining, according to the first information and/or the subscription information related to the first privacy protection operation, to send second request information or not to send second request information, wherein the second request information is used to request policy information of the first privacy protection operation [Figure 7, para. 0087, At 704, the AMF 310 may select an SMF 312 for the PDU session, and at 706, transmit a PDU session create message corresponding to the PDU session establishment request message to the SMF 312. The PDU session create message may include the AS security capabilities of the UE 302, which may also include the list of supported SCIs and/or the SCI request for the PDU session or data flow (QoS flow) within the PDU session. In some examples, the SCI may be preconfigured at the SMF 312. For example, the SMF 312 may select the SCI for the PDU session based on the local configuration at the SMF 312 and the AS security capabilities of the UE 302 without contacting the PCF 314. Otherwise, at 708, the SMF 312 may request policy information, including the SCI, for the PDU session from the PCF 314 (e.g., Policy Control Get). In some examples, at 710, the PCF 314 may optionally retrieve policy information, such as session security information contained in UE subscription information or an AF profile, from the AF 316 for the PDU session]; and the first information comprises at least one of the following: first request information, wherein the first request information is used to request to perform the first privacy protection operation on information and/or data related to a terminal [[Para. 0086, FIG. 7 is a signaling diagram illustrating exemplary signaling to configure AS and UPF security for a protocol data unit (PDU) session. At 702, a user equipment (UE) 302 may generate and transmit a PDU session establishment request message to a network node (e.g., AMF 310) within a core network via a radio access network (RAN) serving the UE 302. The PDU session establishment request message may include, for example, a request for the UE 302 to establish a PDU session or a data flow within a PDU session with an external data network via an application function (AF) 316 associated with the application provided by the external data network. In some examples, the PDU session establishment request message may further include the access tratum (AS) security capabilities of the UE 302. In some examples, the AS security capabilities of the UE may include a list of security configuration indexes (SCIs) that may be supported by the UE 302 and/or an SCI request indicating a requested SCI to be utilized for the PDU session or data flow (QoS flow) within the PDU session. See para. 0077, The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering)]; capability information of the terminal, wherein the capability information of the terminal is used to indicate that the terminal has a capability of performing privacy protection on information and/or data, or that the terminal has no capability of performing privacy protection on information and/or data [[Figure 5 and figure 7, para 0068-0069, 0071-0072 and 0077, 0086, he PDU session establishment request message may include a set of capabilities of the UE 302. In some examples, the set of capabilities may include access stratum (AS) security capabilities of the UE. In other examples, the AS security capabilities and other UE capabilities may be discerned from a UE profile maintained in the core network 306 (e.g., within the AMF 310, SMF 312, and/or PCF 314); the PDU session establishment request message based on the set of capabilities. AS security may include integrity protection, ciphering (encryption), or both integrity protection and ciphering of control plane messages (e.g., RRC messages) or user plane messages (e.g., user plane data) at the PDCP layer]; And privacy protection indication information, wherein the privacy protection indication information is used to indicate that privacy protection has been performed on the information and/or the data related to the terminal, or is used to indicate that no privacy protection has been performed on the information and/or the data related to the terminal [[See at least figure 5 and figure 7, Para. 0077-0078, The AS security policy and UPF security policy may be collectively indicated by security configuration information, such as a security configuration index (SCI). The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering). The list of selected security algorithms may further indicate whether a particular security algorithm is optional, mandatory, or not allowed to use for each security type and may further indicate an order of preference of security algorithms for each security type. An example format for various SCIs 500 is illustrated in FIG. 5. Each SCI 500 includes an AS ciphering indicator 502 indicating whether AS ciphering is enabled or disabled, an AS integrity protection indicator 504 indicating whether AS integrity protection is enabled or disabled, a UPF ciphering indicator 506 indicating whether UPF ciphering is enabled or disabled, and a UPF integrity protection 508 indicator indicating whether UPF integrity protection is enabled or disabled.] Lee discloses all the limitation recited in the claim 1 but doesn’t explicitly disclose the following underlined/amended claim limitation: “performing privacy protection on data computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection”. However, Han discloses the above amended claim limitation: In particular Han discloses: “performing privacy protection on data [Par. 0031, “perform homomorphic encryption on data m …to perform privacy protection] computing the data which has been privacy protected [“para. 0031, “and can even further perform another operation that satisfies additive homomorphism on homomorphic ciphertext c obtained through encryption”] and still being able to obtain the computed data by removing the privacy protection [Para. 0031, “ decrypt homomorphic ciphertext c or an operation result of homomorphic ciphertext c by using private key”]. Lee and Han analogous arts and are in the same field of endeavor as they both pertain or directed to protection of data privacy using encryption/decryption. It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement to modify the system of Lee by adding a privacy mechanism such as “performing privacy protection on data computing the data which has been privacy protected, and still being able to obtain the computed data by removing the privacy protection” as taught by Han because this would enhance the security of the system by preserving privacy since Homomorphic encryption provides computations to be performed on encrypted data without first having to decrypt it. The resulting computations are left in an encrypted form which, when decrypted, result in an output that is identical to that of the operations performed on the unencrypted data. [See Han, abstract see “Homomorphic encryption” that can be used for privacy-preserving and computation. This allows data to be encrypted and outsourced for processing, all while encrypted]. The combination of Lee and Han doesn’t explicitly disclose the following underlined/amended claim limitation: “the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal. However, Ura discloses the above limitation. In particular Ura discloses: the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server [See at least abstract, where the gateway server 200/communication network performs privacy protection on request/data from the client device 100/terminal and establish ciphered communication with the content server (300). “wherein a ciphered communication request making unit (101) of a client device (100) sends a request of security of the communication path to a gateway server (200), a ciphered communication control unit (203) of the gateway server (200) sets up ciphered communication with a content server (300) in response to the request”]; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal [Abstract, the gateway server/200 after removing the privacy protection from the data received from the content server by decrypting or deciphering or removing privacy protection, the gateway server/communication network sends the privacy protection removed data to the client terminal. “the content server ciphers data to be transmitted to the client device and sends the ciphered data to the gateway server, the ciphered communication control unit of the gateway server deciphers the data and sends it to the client device”] . Lee, Han and Ura analogous arts and are in the same field of endeavor as they all pertain or directed to protection of data privacy using encryption/decryption. It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement to modify the system of Lee and Han by adding a privacy mechanism such as “the first privacy protection operation comprises at least one of the following: after a communications network performs privacy protection on data from the terminal, the communications network sending the privacy-protected data to a server; after a communications network removes privacy protection from data from a server, the communications network sending the privacy protection removed data to the terminal” as taught by Ura because this would enhance the security of the network structure of the system by managing privacy protection operations for communication between the terminal and the server, thereby improving the security and manageability of data transmission. [See Ura at least Abstract, where the gateway server/200 after removing the privacy protection from the data received from the content server by decrypting or deciphering or removing privacy protection, the gateway server/communication network sends the privacy protection removed data to the client terminal. “the content server ciphers data to be transmitted to the client device and sends the ciphered data to the gateway server, the ciphered communication control unit of the gateway server deciphers the data and sends it to the client device”] . As per independent claim 16, independent claim 16 has the same scope as that of the independent claim 1. Thus, is rejected for the same reason/rationale as that of the above independent claim 1. The following is referring to dependent claims 2-7, 9-15 and 17-20: As per dependent claim 2, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein the first request information comprises at least one of the following: first indication information, wherein the first indication information is used to request to perform the first privacy protection operation on information and/or data of a first object [[[Para. 0086, FIG. 7 is a signaling diagram illustrating exemplary signaling to configure AS and UPF security for a protocol data unit (PDU) session. At 702, a user equipment (UE) 302 may generate and transmit a PDU session establishment request message to a network node (e.g., AMF 310) within a core network via a radio access network (RAN) serving the UE 302. The PDU session establishment request message may include, for example, a request for the UE 302 to establish a PDU session or a data flow within a PDU session with an external data network via an application function (AF) 316 associated with the application provided by the external data network. In some examples, the PDU session establishment request message may further include the access tratum (AS) security capabilities of the UE 302. In some examples, the AS security capabilities of the UE may include a list of security configuration indexes (SCIs) that may be supported by the UE 302 and/or an SCI request indicating a requested SCI to be utilized for the PDU session or data flow (QoS flow) within the PDU session. See para. 0077, The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering)]; ; description information of the first object; and a direction in which the first privacy protection operation is requested, wherein the direction in which the first privacy protection operation is requested is used to request to perform the first privacy protection operation on information and/or data conforming to the direction in which the first privacy protection operation is requested [Figure 7, Para. 0086 and 0079, physical uplink control channels (PUCCEEs), and physical downlink control channels (PDCCELs)], wherein the first object comprises at least one of the following: a terminal, a first service, first information, first data, a first data channel, and a first computing task; and the description information of the first object comprises at least one of the following: description information of the terminal, description information of the first service, description information of the first information, description information of the first data, description information of the first data channel, and description information of the first computing task; the direction in which the first privacy protection operation is requested comprises at least one of the following: uplink or downlink [Para 0086, and Parag 0068-0069 and figure 7]. As per dependent claim 17, is rejected for the same reason/rationale as that of the above dependent claim 2. As per dependent claim 3, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein the first request information comprises at least one of the following: a privacy protection operation; and a privacy protection removal operation [See at least figure 5 and [[Para. 0086, FIG. 7 is a signaling diagram illustrating exemplary signaling to configure AS and UPF security for a protocol data unit (PDU) session. At 702, a user equipment (UE) 302 may generate and transmit a PDU session establishment request message to a network node (e.g., AMF 310) within a core network via a radio access network (RAN) serving the UE 302. The PDU session establishment request message may include, for example, a request for the UE 302 to establish a PDU session or a data flow within a PDU session with an external data network via an application function (AF) 316 associated with the application provided by the external data network. In some examples, the PDU session establishment request message may further include the access tratum (AS) security capabilities of the UE 302. In some examples, the AS security capabilities of the UE may include a list of security configuration indexes (SCIs) that may be supported by the UE 302 and/or an SCI request indicating a requested SCI to be utilized for the PDU session or data flow (QoS flow) within the PDU session. See para. 0077, The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering)] . As per dependent claim 4, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein the direction in which the first privacy protection operation is requested comprises at least one of the following: a direction in which privacy protection is requested, to request to perform a privacy protection operation on information and/or data conforming to the direction in which privacy protection is requested; and a direction in which privacy protection removal is requested, to request to perform a privacy protection removal operation on information and/or data conforming to the direction in which privacy protection removal is requested [See at least figure 7, para 0086 and para. 0079, , physical uplink control channels (PUCCEEs), and physical downlink control channels (PDCCELs)] As per dependent claim 14, is rejected for the same reason/rationale as that of the above independent claim 8. As per dependent claim 5, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein the privacy protection operation comprises at least one of the following: encrypting information and/or data; performing integrity protection on information and/or data; scrambling information and/or data; and processing information and/or data by using a privacy protection algorithm; and/or the privacy protection removal operation comprises at least one of the following: decrypting information and/or data; performing integrity protection removal on information and/or data; descrambling information and/or data; and performing privacy protection removal on information and/or data on which privacy protection has been performed [See at least figure 5 and figure 7, Para. 0077-0078, The AS security policy and UPF security policy may be collectively indicated by security configuration information, such as a security configuration index (SCI). The SCI may indicate, for example, whether AS security is enabled or disabled and whether UPF security is enabled or disabled for the PDU session (or data flow). The SCI may further indicate, for example, a list of selected security algorithms for each type of security (e.g., AS/UPF integrity protection or AS/UPF ciphering). The list of selected security algorithms may further indicate whether a particular security algorithm is optional, mandatory, or not allowed to use for each security type and may further indicate an order of preference of security algorithms for each security type. An example format for various SCIs 500 is illustrated in FIG. 5. Each SCI 500 includes an AS ciphering indicator 502 indicating whether AS ciphering is enabled or disabled, an AS integrity protection indicator 504 indicating whether AS integrity protection is enabled or disabled, a UPF ciphering indicator 506 indicating whether UPF ciphering is enabled or disabled, and a UPF integrity protection 508 indicator indicating whether UPF integrity protection is enabled or disabled.] As per dependent claim 15, is rejected for the same reason/rationale as that of the above independent claim 8. As per dependent claim 6, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein the sending first information comprises: sending the first request information in a case that a first condition is met, wherein the first condition comprises at least one of the following: information and/or data of a first object need/needs to be disclosed to a first target end; the information and/or the data of the first object need/needs to be sent to the first target end for computing; a network supports performing the first privacy protection operation on the information and/or the data related to the terminal; and the terminal allows the network to perform the first privacy protection operation on the information and/or the data related to the terminal [Para. 0086 and figure 5]. As per dependent claim 18, is rejected for the same reason/rationale as that of the above dependent claim 6. As per dependent claim 7, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system wherein after the step of sending first information, the method further comprises: obtaining first response information and/or first privacy protection start information; and performing one of the following according to the first response information and/or the first privacy protection start information: sending information and/or data of a first object; and sending information and/or data of a target object, wherein the first response information comprises at least one of the following: a success response to the first request information, and description information of the target object protected by first privacy protection; the first privacy protection start information comprises at least one of the following: indication information used to indicate that first privacy protection starts, and the description information of the target object protected by first privacy protection; the target object comprises at least one of the following: a terminal, a target service, target information, target data, a target data channel, and a target computing task; the description information of the target object comprises at least one of the following: description information of the terminal, description information of the target service, description information of the target information, description information of the target data, description information of the target data channel, and description information of the target computing task; and the target object is the same as or different from the first object [Figure 7, step 722, and para. 0093, At 720, the AMF 310 may generate and transmit a PDU session request message to the RAN 304 (e.g., gNB) serving the UE 302 to configure the PDU session (or data flow within the PDU session) in the RAN 304. The PDU session request message includes the selected SCI (and optionally the MAC, if provided by the SMF 312). Based on the selected SCI, the RAN 304 selects an AS security configuration (e.g., control plane and user plane security configurations) for the PDU session (or data flow within the PDU session), an at 722, the RAN 304 transmits an RRC Connection Reconfiguration message to the UE 302 including the selected AS security configuration. The RRC Connection Reconfiguration message further includes the selected SCI (and optionally the MAC)]. As per dependent claim 19, is rejected for the same reason/rationale as that of the above dependent claim 7. As per dependent claim 9, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system, wherein the subscription information related to the first privacy protection operation comprises at least one of the following: allowing and/or requiring first privacy protection; not allowing and/or not requiring first privacy protection; description information of an object allowing and/or requiring first privacy protection; and description information of an object not allowing and/or not requiring first privacy protection [See at least figure 7, para. 0086 and figure 5]. As per dependent claim 10, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system, wherein the determining to send second request information comprises: in a case that a second condition is met, determining to send the second request information, wherein the second condition comprises at least one of the following: the subscription information related to the first privacy protection operation allows the first privacy protection operation to be performed on the information and/or the data related to the terminal; the subscription information related to the first privacy protection operation has an object allowing the first privacy protection operation; the terminal does not have a capability of performing privacy protection on information and/or data; no privacy protection is performed on the information and/or the data related to the terminal; the first request information is obtained; and the subscription information related to the first privacy protection operation allows the first privacy protection operation to be performed on information and/or data of all or some first objects [See at least Figure 7, step 706 and 708 and paragraph 0087, at 706, transmit a PDU session create message corresponding to the PDU session establishment request message to the SMF 312. The PDU session create message may include the AS security capabilities of the UE 302, which may also include the list of supported SCIs and/or the SCI request for the PDU session or data flow (QoS flow) within the PDU session. In some examples, the SCI may be preconfigured at the SMF 312. For example, the SMF 312 may select the SCI for the PDU session based on the local configuration at the SMF 312 and the AS security capabilities of the UE 302 without contacting the PCF 314. Otherwise, at 708, the SMF 312 may request policy information, including the SCI, for the PDU session from the PCF 314 (e.g., Policy Control Get)]. As per dependent claim 11, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system, wherein the second request information comprises at least one of the following: second indication information, wherein the second indication information is used to request to perform the first privacy protection operation on information and/or data related to a second object; description information of the second object; and a direction in which the first privacy protection operation is requested, wherein the direction in which the first privacy protection operation is requested is used to request to perform the first privacy protection operation on information and/or data conforming to the direction in which the first privacy protection operation is requested, wherein the second object comprises at least one of the following: a terminal, a second service, second information, second data, a second data channel, and a second computing task; the description information of the second object comprises at least one of the following: description information of the terminal, description information of the second service, description information of the second information, description information of the second data, description information of the second data channel, and description information of the second computing task; and the second object comprises one of the following: a first object; an object that is in the first object and on which the subscription information related to the first privacy protection operation allows the first privacy protection operation to be performed; and an object on which the subscription information related to the first privacy protection operation allows the first privacy protection operation to be performed; the direction in which the first privacy protection operation is requested comprises at least one of the following: uplink or downlink [See at least figure 7, steps 712-716 and para. 0088-0089 and para. 0092] As per dependent claim 12, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system, wherein the direction in which the first privacy protection operation is requested comprises at least one of the following: a direction in which privacy protection is requested, to request to perform a privacy protection operation on information and/or data conforming to the direction in which privacy protection is requested; and a direction in which privacy protection removal is requested, to request to perform a privacy protection removal operation on information and/or data conforming to the direction in which privacy protection removal is requested [[See at least figure 7, steps 712-716 and para. 0088-0089 and para. 0092] As per dependent claim 13, the combination of Lee, Han and Ura discloses the method/system as applied to claims above. Furthermore, Lee discloses the method/system, further comprising: receiving policy information of the first privacy protection operation; and performing a first operation according to the policy information of the first privacy protection operation, wherein the first operation comprises at least one of the following: generating policy information used for the first privacy protection operation on a fourth communications device; sending, to the fourth communications device, the policy information used for the first privacy protection operation on the fourth communications device; and sending first response information and/or first privacy protection start information to a second target end that performs an operation of sending information and/or data of a second object. [ Figure 7, para. 0087, At 704, the AMF 310 may select an SMF 312 for the PDU session, and at 706, transmit a PDU session create message corresponding to the PDU session establishment request message to the SMF 312. The PDU session create message may include the AS security capabilities of the UE 302, which may also include the list of supported SCIs and/or the SCI request for the PDU session or data flow (QoS flow) within the PDU session. In some examples, the SCI may be preconfigured at the SMF 312. For example, the SMF 312 may select the SCI for the PDU session based on the local configuration at the SMF 312 and the AS security capabilities of the UE 302 without contacting the PCF 314. Otherwise, at 708, the SMF 312 may request policy information, including the SCI, for the PDU session from the PCF 314 (e.g., Policy Control Get). In some examples, at 710, the PCF 314 may optionally retrieve policy information, such as session security information contained in UE subscription information or an AF profile, from the AF 316 for the PDU session]; As per dependent claim 20, is rejected for the same reason/rationale as that of the above independent claim 8. Conclusion 14. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. A. US Publication No. 20200184046 A1 to Li discloses file protection method and file processing system thereof B. US Publication No. 20210051005 A1 to Kunz discloses security capabilities using encryption. C. US Patent No. 8751788 B2 to Leach discloses systems for payment encryption accelerator D. See other cited prior arts. 15. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806. The examiner can normally be reached on M-F 8am-10pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /SAMSON B LEMMA/Primary Examiner, Art Unit 2498