Prosecution Insights
Last updated: April 19, 2026
Application No. 18/382,222

SYSTEM FOR ANONYMOUS COHORT-MATCHED CONTENT DELIVERY

Final Rejection §103
Filed: Oct 20, 2023
Examiner: FARROW, FELICIA
Art Unit: 2437
Tech Center: 2400 — Computer Networks
Assignee: Persona Health Inc. Dba Dragonfly Data Ventures Inc.
OA Round: 2 (Final)
Grant Probability: 60% (Moderate)
OA Rounds: 3-4
To Grant: 3y 1m
With Interview: 95%

Examiner Intelligence

Grants 60% of resolved cases
Career Allow Rate: 60% (156 granted / 259 resolved; +2.2% vs TC avg)
Strong +35% interview lift
Interview Lift: +34.8% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 1m (37 currently pending)
Career history
Total Applications: 296 (across all art units)

Statute-Specific Performance

§101: 8.1% (-31.9% vs TC avg)
§103: 58.0% (+18.0% vs TC avg)
§102: 10.1% (-29.9% vs TC avg)
§112: 17.5% (-22.5% vs TC avg)
Based on career data from 259 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restriction

Newly submitted claims 21-72 directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: The newly added claims 21-72 are directed to distinct and patentable separate invention from the originally presented claims 1-20. These claims are directed to system for enabling a population of first users to deliver digital content to anonymous cohorts of second users within a population of second users. The claims introduce distinct and separate technical features and functionalities that are not encompassed within the scope of the original claims and were not previously examined. Therefore, a restriction is appropriate under 37 CFR 1.142(a) and MPEP § 803.02.

The original claims generally recite a system and method for sharing user data including segregate first user private data from the accepted first user data for each first user; …anonymize attributes of the first user data to provide anonymized first user data; separately store the anonymized first user data in the data storage device; receive a request for information from a second user on a first user population according to specified attributes, wherein the request is communicated to the server via the second user's user device;…output the compiled response to the second user's user device in reply to the request, wherein the server anonymizes the attributes of the first user data to provide the anonymized first user data according to a prescribed anonymization scheme that completely masks access to the first user private data.
In contrast, the new claims recite different system and method including but not limited to: a central anonymized data server that is configured to: accept and aggregate anonymized user data for second users within the population of the second users received from a plurality of distributed anonymized data servers,… selectively relay digital content to the plurality of distributed anonymized data servers, each of the plurality of distributed anonymized data servers being configured to: anonymize user private data for each user within the population of the second users received from a private data server, and receive digital content from the central anonymized data server, the private data server being configured to: accept and store private user data from the each user within the population of the second users, and accept and selectively relay digital content to each user within the population of the second users; a geographic anonymization gateway device that is configured to mask all geographic identifiers in data exchange transmissions; and a content delivery software application running on a second user device that enables a user from the population of the second users to: receive digital content from the private data server, and relay second user private data to the private data server; the second user device running the content delivery software application that enables the user from the population of the second users to at least one of display or communicate digital content received from the system and to input private data into the system, wherein each of the plurality of distributed anonymized data servers is associated with a single user from the population of the second users, and each private data server is associated with a single user from the population of the second users, and the digital content comprises: a data payload comprising any data that a user from the population of the first users wants the system to at least one of deliver or communicate 
to any subset of users from the population of the second users; and a cohort definition payload, the cohort definition payload being empty or further comprising one or more anonymous cohort definitions.

Because these new claims recite invention that are independent and distinct from the original claims, and because they were not previously presented or examined, they constitute a separate invention under USPTO practice. Accordingly, restriction is required to promote examination efficiency and clarity. Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits. Accordingly, claims 21-72 are withdrawn from consideration as being directed to a non-elected invention. See 37 CFR 1.142(b) and MPEP § 821.03.

To preserve a right to petition, the reply to this action must distinctly and specifically point out supposed errors in the restriction requirement. Otherwise, the election shall be treated as a final election without traverse. Traversal must be timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are subsequently added, applicant must indicate which of the subsequently added claims are readable upon the elected invention.

Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA 35 U.S.C. 103(a) of the other invention.

Response to Amendment

Applicant’s amendment filed 24 December 2025 has been received. Applicant amended claims 1, 3, 4, 16, 17, and 20 and claims 21-72 were added.
However, as disclosed above, claims 21-72 are withdrawn from consideration as being directed to non-elected invention. Applicant’s amendment to the drawing overcomes the drawing objection of 26 June 2025. Therefore, the drawing objection of 26 June 2025 is withdrawn. Applicant’s amendments to the specification overcome the specification objections of 26 June 2025. Therefore, the specification objections of 26 June 2025 are withdrawn.

Response to Arguments

Regarding the Drawing and Specification objections: Applicant’s remarks, filed 24 December 2025, with respect to drawing and specification objections have been fully considered and are persuasive. The drawing and specification objections of 26 June 2025 have been withdrawn.

Regarding the 35 USC 103 Rejection: Applicant's arguments filed 24 December 2025 have been fully considered but they are not persuasive.

Applicant’s arguments: Once the Office Action applies the above-indicated strained analysis in connecting disjunctive portions of Harp to allegedly find that Harp teaches the missing feature in the putative combination of Jalal and Lefever, the Office Action finds, in an unreasonably conclusory manner that it would have been obvious to combine the teachings of these three references to arrive at the subject matter of the pending claims. Specifically, the Office Action finds that it would have been obvious "to modify Jalal's method of sharing data in view of Lafever's teachings of anonymization the private data with Harp's teachings of masks access to the private data to prevent unauthorize access of data and control access to data that has restricted access[.]" The difficulty in the analysis of the Office Action is that it violates the guidance prescribed by the courts and the MPEP.
Given that each of the Jalal and Lefever references renders a complete solution to the identified shortfalls in the prior art according to each of those references, it is difficult to ascertain from the teachings of those references any motivation for making the asserted combination, much less layering on top of the disclosed data anonymization schemes of Jalal and Lefever, any alleged complete masking scheme as may be arguably taught by Harp. Applicant respectfully submits that nowhere does the Office Action, for example, specify any predictable result for combining the varyingly attenuated disclosures of these references. If an alleged predictable result may emerge from the claimed solution to a problem that neither of Jalal or Lefever allege, and as achieved by the Applicant in arriving at the inventive concept as disclosed and claimed here, then such a conclusion would evidence nothing more than an improper per se application of hindsight reasoning based on the roadmap provided by Applicant's disclosure.

Examiner’s remarks: The examiner has interpreted the claims as best understood. In the recited claim 1 (14), the first user private data is segregated from the accepted first user data. The anonymization is performed on attributes of the first user data and not necessarily on the segregated first user private data. The segregated first user private data is securely stored in data storage. The claim(s) disclose(s) that it is the prescribed anonymization scheme that completely masks access to the first user private data. Therefore, as disclosed in the office action, the combination of Jalal in view of Lafever teaches the server anonymizes the attributes of the first user to provide the anonymized first user data according to a prescribed anonymization scheme. The anonymization scheme is an anonymization technique.
However, the combination of Jalal in view of Lafever is deficient in disclosing an anonymization technique/scheme that completely masks access to the first user private data. Therefore, Harp discloses an anonymization scheme (masking via instructions set by a user) that completely masks access to the first user private data (paragraph 41). The motivation is recited in the office action. The results of modifying the anonymization technique of Lafever with Harp’s anonymization scheme provides predictable results for one of ordinary skill which is prevent unauthorized access of data and to provide control of access to data that has restricted access (paragraph 23 of Harp).

Applicant’s remarks: The Federal Circuit has consistently reaffirmed its holdings regarding the necessary showings to assert combinability of references, none of which are provided in this Office Action. In this regard, the U.S. Supreme Court in KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 127 S. Ct. 1727 (2007) confirmed, that "rejections on obviousness grounds cannot be sustained by mere conclusory statements; instead, there must be some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness." Id. at 418 (citing In re Kahn, 441 F.3d 977 (Fed. Cir. 2006) (quoting In re Lee, 277 F.3d 1338, 1343-46 (Fed. Cir. 2002), and In re Rouffet, 149 F.3d 1350, 1355-59 (Fed. Cir. 1998)) (emphasis added). This standard is simply not met here as the alleged articulated reasoning, to the extent that it even exists, lacks any rational underpinning based on the explicitly disparate teachings of the Harp reference with respect to the Jalal and Lefever references. There is nothing, for example, in either of Jalal or Lefever, even when combined with the knowledge of one of ordinary skill in the art to support any conclusion of combinability that may be imputed to the statements in the Office Action.
Again here, what are any allegedly predictable results of the asserted combination, other than an unforeseen redundancy in some belt and suspenders approach, absent Applicant's claims as a guide or a recipe to arrive at such conclusions, making the combinations of features recited in Applicant's claims in this regard, therefore, non-obvious and inventive. There is no evidence in the references, or presented in the Office Action, to support the stated conclusion that one of ordinary skill in the art would have combined a particular configuration of the disclosed combinations of features for any purpose, much less to arrive at the detailed combination of features specifically recited in the Applicant's claims.

MPEP §2143.01 instructs that "[t]he mere fact that references can be combined or modified does not render the resultant combination obvious unless the results would have been predictable to one of ordinary skill in the art." Citing KSR Int'l Co., 550 U.S. at 417. Applicant respectfully submits that the rejection of the Office Action at least to the detailed combinations of features in claims 2 and 15, as now amended into claims 1 and 14 respectively, is improper in view of at least MPEP §2143.01 because the Office Action does not, and cannot, provide the required specific evidence of "predictab[ility] to one of ordinary skill in the art" for making the asserted combinations, notwithstanding the conclusory statements in the Office Action for the reasons cited above.

For at least these reasons, Applicant respectfully asserts that rejection of the features of claims 2 and 15 over the combination of Jalal, Lefever and Harp, which are not combinable in the manner suggested, is overcome. Because the features of now-cancelled claims 2 and 15 are amended into independent claims 1 and 14, Applicants respectfully submit that the two independent claims, as amended, and the claims depending respectively therefrom, are allowable.
Accordingly, reconsideration and withdrawal of the rejection of the features of at least claims 2 and 15, as amended, into claims 1 and 14, under 35 U.S.C. §103 as allegedly being unpatentable over Jalal, Lefever and Harp are respectfully requested.

Finally, although Applicant believes that the subject matter of claims 1, 3-14 and 16-20, as amended, is patentable, and that the rejections of record in the Office Action are overcome, for the reasons cited above, and purely in an effort to streamline any further prosecution leading to allowance of this patent, Applicant has voluntarily chosen to proffer a very detailed additional set of claims that (a) are fully supported by the Applicant's specification, and (b) are clearly allowable over any, even broad, interpretation of the body of applicable prior art.

Examiner’s remarks: Please see examiner’s remarks above. In addition: In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In response to applicant's argument that Jalal, Lafever, and Harp are nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992).
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-14, and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jalal et al US 20230259654 (hereinafter Jalal), in view of Lafever et al WO 2019246568 (hereinafter Lafever), and in further view of Harp et al US 20170323119 (hereinafter Harp).

As to claim 1, Jalal teaches a system for sharing user data (Figure 3 reveals a system), comprising: a data storage device (Figure 3, reference number 220 “Remote Server”) for storing user data (paragraph 77 discloses the data received by the remote server is stored in one or more data stores local to the remote server); and a server (Figure 3, reference number 215 “Local Server”) that is configured to: establish communications with the data storage device and with a plurality of user devices (paragraph 74 discloses the device can engage in secure communication with the local server 215 and transmit/communicate the data for storage processing. Paragraph 77 also discloses the local server is engaged in secure communication with the remote server.
Paragraph 57 reveals the remote server receives and stores data associated with a plurality of data subjects from the local cloud server); accept first user data from a plurality of first users, the first user data being [data] by the first users' user devices (paragraph 83 discloses the data is collected by devices 210, wherein the devices may be actively or passively operated by a user and collects data, the multiple devices operation upon by a same user or different users) and communicated to the server (paragraph 85 discloses the data is transmitted by the device to a local server).

Jalal does not teach the first user data being input by the first users' user devices; segregate first user private data from the accepted first user data for each first user; securely store the first user private data in the data storage device; anonymize attributes of the first user data to provide anonymized first user data; separately store the anonymized first user data in the data storage device; receive a request for information from a second user on a first user population according to specified attributes, wherein the request is communicated to the server via the second user's user device; compile a response to the request for information on the first user population according to the specified attributes; and output the compiled response to the second user's user device in reply to the request, wherein the server anonymizes the attributes of the first user data to provide the anonymized first user data according to a prescribed anonymization scheme that completely masks access to the first user private data.
Lafever teaches a system for sharing user data (Figure 1A and Figure 1D, paragraphs 85 and 90 disclose a system for sharing/distributing user data) that comprise a data storage device for storing user data (Figure 1A, reference number 82 “Secure databases”, see paragraph 226); and a server (Figure 1A, reference number 50 “Privacy Server”, see also paragraph 229); Lafever further teaches the first user data being input by the first users' user devices (paragraph 278 discloses the data set of the user containing personal information about Data Subjects (users) may serve as input to the system. Paragraph 279 discloses the data may be managed by users (thus user devices). Paragraph 265 discloses the data may be received by mobile device, wearable device, portable devices); segregate first user private data from the accepted first user data for each first user; securely store the first user private data in the data storage device (paragraph 223 discloses when the data is collected and stored, the sensitive data may be disassociated from its subjects via segmentation, which involves sensitive data being split into several pieces by data type and transmitted and / or stored in separate Circles of Trust. Paragraph 150 discloses a Circle of Trust (CoT) can store information pertaining to associations of cookies / digital footprint trackers to the Data Subject, and optionally also store a list of queries and selected links. Paragraph 616 reveals CoT is a proxy server); anonymize attributes of the first user data to provide anonymized first user data (paragraphs 147 and 223 disclose the system anonymizing and segregating data elements at the data element level and obscuring data values and data type indicators by replacing them with DDIDs); separately store the anonymized first user data in the data storage device (paragraph 224 discloses the anonymized data which is done by replacing the obscuring the data values and data types with DDIDs is stored within a circle of Trust.
Paragraph 150 discloses a Circle of Trust (CoT) can store information pertaining to associations of cookies / digital footprint trackers to the Data Subject, and optionally also store a list of queries and selected links. Paragraph 616 reveals CoT Trust Party is a proxy server); receive a request for information from a second user on a first user population according to specified attributes, wherein the request is communicated to the server via the second user's user device (paragraph 286 and Figure 1D disclose a blood pressure monitoring application from a smart phone application contacts a circle of trust requesting DDID for a data subject patient. Paragraph 265 discloses the data may be received by the system from mobile device, wearable device, and/or portable devices (the mobile device, wearable device, and portable devices can be of a first user population)); compile a response to the request for information on the first user population according to the specified attributes (paragraph 286 discloses the CoT Trusted Party provides a DDID for the data subject/user, wherein an application operated by the Trusted Party sends back two sets of periodically-changing information (one for GPS data, one for blood pressure levels), each consisting of DDIDs, offsets (to obscure blood pressure level data and geographic position), and encryption keys); and output the compiled response to the second user's user device in reply to the request (paragraph 286 and as shown in Figure 2, reference number 2, disclose the CoT Trusted Party provides a DDID response back to the blood pressure monitor smart phone application of the data subject/user), wherein the server anonymizes the attributes of the first user data to provide the anonymized first user data according to a prescribed anonymization scheme (paragraphs 147 and 223 disclose the system anonymizing and segregate data elements/attributes at the data element level and obscuring data values and data type indicators by
replacing them with DDIDs. Paragraphs 383-385 disclose l-diversity anonymization technique that is a form of group based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Jalal’s system of sharing user data with Lafever’s system that segregates the private data, anonymizes the data, and act upon a request to provide methods and systems that improve data privacy/anonymity while minimizing re-identification risk by unauthorized parties, while enabling data related to the data subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place and/or other criterion via the obfuscation of specific data values (abstract of Lafever).

The combination of Jalal in view of Lafever does not teach, but Harp teaches an anonymization scheme that completely masks access to the first user private data (paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information).

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Jalal’s method of sharing data in view of the anonymization technique in Lafever’s teachings of anonymization the private data with Harp’s teachings of masks access to the private data to prevent unauthorized access of data and control access to data that has restricted access (paragraph 23 of Harp).
As to claim 3, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to apply a separate encryption scheme to at least a portion of the first user private data (Harp: paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information. Paragraph 37 reveals the masking may involve encrypting the data). Motivation is the same motivation presented in claim 1.

As to claim 4, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to apply a separate obfuscation scheme to at least a portion of the first user private data (Harp: paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information. Paragraphs 24 and 85 reveal the masking may involve obscuring the data or obfuscation the data). Motivation is the same motivation presented in claim 1.

As to claim 5, the combination of Jalal in view of Lafever and Harp teaches wherein the anonymized first user data is sortable according to the attributes (Lafever: paragraphs 383-385 disclose l-diversity anonymization technique that is a form of group[sorting] based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute).
Motivation is similar to the motivation presented in claim 1.

As to claim 6, the combination of Jalal in view of Lafever and Harp teaches wherein identification of first user private data is selectable by each first user (Lafever: paragraphs 2, 10, and 17 disclose data subject/user can select/retrieve personal information applicable for a specific action, activity and thus provide the personal information about themselves to third parties selectively; paragraph 278 discloses the data set of the user contain personal information. Therefore, protecting personal information from misuse by unauthorized or non-trusted business entities). Motivation is similar to the motivation presented in claim 1.

As to claim 7, the combination of Jalal in view of Lafever and Harp teaches wherein identification of first user private data is according to a prescribed scheme (Lafever: paragraph 23 discloses scheme of temporal data representation and DDIDs scheme are used for tracking and identification of user data (including personal data) (paragraph 278 discloses the data set of the user contain personal information)). Motivation is similar to the motivation presented in claim 1.

As to claim 8, the combination of Jalal in view of Lafever and Harp teaches wherein the attributes are selectable by each first user (Lafever: paragraphs 48-49 disclose via a user device, the user identifies one or more attributes of the data and selecting, through the user device, a DDID; associating the selected DDID with one or more of the data attributes (paragraph 278 discloses the data set of the user contain personal information)). Motivation is similar to the motivation presented in claim 1.
As to claim 9, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to group the anonymized data for the plurality of first users according to the attributes (Lafever: paragraphs 147 and 223 disclose the system anonymizing and segregating data elements at the data element level and obscuring data values and data type indicators by replacing them with DDIDs; paragraphs 383-385 disclose l-diversity anonymization technique that is a form of group based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute). Motivation is similar to the motivation presented in claim 1.

As to claim 10, the combination of Jalal in view of Lafever and Harp teaches wherein at least one of the attributes has a range of numeric values associated with the at least one of the attributes (Lafever: paragraph 355 discloses the blood pressure data for a patient with a DDID attribute of ABCD can be unlocked to a perturbed version of the original value by an authorized provider, wherein the provider will be shown a range of 50-60 BPM (the actual value is 55 BPM)). Motivation is similar to the motivation presented in claim 1.
As to claim 11, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to group the anonymized data according to discrete sub-ranges for the range of numeric values associated with the at least one of the attributes (Lafever: paragraphs 147 and 223 disclose the system anonymizing and segregating data elements at the data element level and obscuring data values and data type indicators by replacing them with DDIDs; paragraph 31 discloses A-DDID: refers to a DDID that is used to replace an identifying data element and dereference (e.g., point) to the value of the data element, thus conveying a range/association with (or correlation between) the data element and its value, in order to impart informational value in a non-identifying manner, and optionally in accordance with specified grouping rules. Dereference grouping rules for A-DDIDs may be of (at least) two kinds of groupings: Numerical and Categorical. Numerical groupings refer to ranges of numerical values represented by A-DDIDs. Categorical groupings replace “correlates” (i.e., two or more related or complementary items) with A-DDIDs selected to represent correlations between values within each grouped-category. A-DDID dereference rules may also cover multiple fields. For example, a blood test may cover a number of variables from which one can infer heart attack risk, so the rule could specify the various combinations required for assigning heart attack risk to a particular category, e.g., high, moderate, or low). Motivation is similar to the motivation presented in claim 1.
As to claim 12, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to group the anonymized data according to percentiles of the first user population falling within the sub-ranges for the range of numeric values associated with the at least one of the attributes (Lafever: paragraphs 147 and 223 disclose the system anonymizing and segregating data elements at the data element level and obscuring data values and data type indicators by replacing them with DDIDs; paragraph 31 discloses A-DDID : refers to a DDID that is used to replace an identifying data element and dereference (e.g., point) to the value of the data element, thus conveying a range/association with (or correlation between) the data element and its value, in order to impart informational value in a non-identifying manner, and optionally in accordance with specified grouping rules. Dereference grouping rules for A-DDIDs may be of (at least) two kinds of groupings: Numerical and Categorical. Numerical groupings refer to ranges of numerical values represented by A-DDIDs. Paragraphs 383-385 disclose I-diversity anonymization technique that is a form of group based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute. I-diversity can utilize percentile rankings). Motivation is similar to the motivation presented in claim 1. 
As to claim 13, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to access publicly available data to bound the range of numeric values associated with the at least one of the attributes (Lafever: paragraph 355 discloses the blood pressure data for a patient with a DDID attribute of ABCD can be unlocked from the server to a perturbed version of the original value by an authorized provider, wherein the provider will be shown a range of 50-60 BPM (the actual value is 55 BPM)). Motivation is similar to the motivation presented in claim 1.
As to claim 14, Jalal teaches a method for sharing user data (Figure 3 shows a system diagram along with a method), comprising: establishing communications between a server and a data storage device (paragraph 77 discloses the local server is engaged in secure communication with the remote server. Paragraph 57 reveals the remote server receives and stores data associated with a plurality of data subjects from the local cloud server); establishing communications between a server and a plurality of user devices (paragraph 74 discloses the device(s) 210 can engage in secure communication with the local server 215 and transmit the data for storage processing. Paragraph 77 discloses the local server is engaged in secure communication with the remote server); accepting, with the server, first user data from a plurality of first users, the first user data being [data] by the first users' user devices (paragraph 83 discloses the data is collected by devices 210, wherein the devices may be actively or passively operated by a user and collects data, the multiple devices operated upon by a same user or different users) and communicated to the server (paragraph 85 discloses the data is transmitted by the device to a local server).
Jalal does not teach the first user data being input by the first users' user devices; segregating, with the server, first user private data from the accepted first user data for each first user; securely storing, with the server, the first user private data in the data storage device; anonymizing attributes of the first user data, with the server, to provide anonymized first user data; separately storing, with the server, the anonymized first user data in the data storage device; receiving, with the server, a request for information from a second user on a first user population according to specified attributes, wherein the request is communicated to the server via the second user's user device; compiling, with the server, a response to the request for information on the first user population according to the specified attributes; and outputting from the server the compiled response via communication with the second user's user device in reply to the request, wherein the server anonymizes the attributes of the first user data to provide the anonymized first user data according to a prescribed anonymization scheme that completely masks access to the first user private data.
Lafever teaches the first user data being input by the first users' user devices (paragraph 278 discloses the data set of the user containing personal information about Data Subjects may serve as input to the system. Paragraph 279 discloses the data may be managed by users (thus user devices). Paragraph 265 discloses the data may be received by mobile device, wearable device, portable devices); segregating first user private data from the accepted first user data for each first user; securely store the first user private data in the data storage device (paragraph 223 discloses when the data is collected and stored, the sensitive data may be disassociated from its subjects via segmentation, which involves sensitive data is split into several pieces by data type and transmitted and/or stored in separate Circles of Trust. Paragraph 150 discloses a Circle of Trust (CoT) can store information pertaining to associations of cookies/digital footprint trackers to the Data Subject, and optionally also store a list of queries and selected links. Paragraph 616 reveals CoT is a proxy server); anonymizing attributes of the first user data to provide anonymized first user data (paragraphs 147 and 223 disclose anonymizing and segregating data elements at the data element level and obscuring data values and data type indicators by replacing them with DDIDs); separately storing the anonymized first user data in the data storage device (paragraph 224 discloses the anonymized data which is done by replacing the obscuring the data values and data types with DDIDs is stored within a circle of Trust. Paragraph 150 discloses a Circle of Trust (CoT) can store information pertaining to associations of cookies/digital footprint trackers to the Data Subject, and optionally also store a list of queries and selected links. Paragraph 616 reveals CoT Trust Party is a proxy server); receiving a request for information from a second user on a first user population according to specified attributes, wherein the request is communicated to the server via the second user's user device (paragraph 286 and Figure 1D disclose a blood pressure monitoring application from a smart phone application contacts a circle of trust requesting DDID for a data subject patient); compiling a response to the request for information on the first user population according to the specified attributes (paragraph 286 discloses the CoT Trusted Party provides a DDID for the data subject/user, wherein an application operated by the Trusted Party sends back two sets of periodically-changing information (one for GPS data, one for blood pressure levels), each consisting of DDIDs, offsets (to obscure blood pressure level data and geographic position), and encryption keys); and outputting the compiled response to the second user's user device in reply to the request (paragraph 286 and as shown in Figure 2, reference number 2, the CoT Trusted Party provides a DDID response back to the blood pressure monitor smart phone application of the data subject/user), wherein the server anonymizes the attributes of the first user data to provide the anonymized first user data according to a prescribed anonymization scheme (paragraphs 147 and 223 disclose the system anonymizing and segregating data elements/attributes at the data element level and obscuring data values and data type indicators by replacing them with DDIDs. Paragraphs 383-385 disclose I-diversity anonymization technique that is a form of group based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Jalal’s method of sharing user data with Lafever’s method that segregates the private data, anonymizes the data, and acts upon a request to provide methods and systems that improve data privacy/anonymity while minimizing re-identification risk by unauthorized parties, while enabling data related to the data subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place and/or other criterion via the obfuscation of specific data values (abstract of Lafever).
The combination of Jalal in view of Lafever does not teach, but Harp teaches an anonymization scheme completely masks access to the first user private data (paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Jalal’s method of sharing data in view of the anonymization technique in Lafever’s teachings of anonymizing the private data with Harp’s teachings of masking access to the private data to prevent unauthorized access of data and control access to data that has restricted access (paragraph 23 of Harp).
As to claim 16, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to apply a separate encryption scheme to at least a portion of the first user private data (Harp: paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information. Paragraph 37 reveals the masking may involve encrypting the data. Figure 4 and paragraphs 28 and 35 disclose the masking is performed via the dynamic masking system which is part of the database server). Motivation is the same motivation presented in claim 14.
As to claim 17, the combination of Jalal in view of Lafever and Harp teaches wherein the server is further configured to apply a separate obfuscation scheme to at least a portion of the first user private data (Harp: paragraph 41 discloses when a request for access by a second user is received for the data, all data is masked according to the instructions provided by the first user. Paragraphs 4 and 34 disclose the information pertains to personal information that should not be available to everyone such as social security numbers, dates of birth, medical histories and diagnoses, and other personal information. Paragraphs 24 and 85 reveal the masking may involve obscuring the data or obfuscating the data. Figure 4 and paragraphs 28 and 35 disclose the masking is performed via the dynamic masking system which is part of the database server). Motivation is the same motivation presented in claim 14.
As to claim 18, the combination of Jalal in view of Lafever and Harp teaches wherein the anonymized first user data is sortable according to the attributes (Lafever: paragraphs 383-385 disclose I-diversity anonymization technique that is a form of group [thus sorted] based anonymization which is refined by t-closeness method by treating values of an attribute distinctly by taking into account the distribution of data values for that attribute). Motivation is similar to the motivation presented in claim 14.
As to claim 19, the combination of Jalal in view of Lafever and Harp teaches wherein identification of first user private data is selectable by each first user (Lafever: paragraphs 2, 10, and 17 disclose data subject/user can select/retrieve personal information applicable for a specific action, activity and thus provide the personal information about themselves to third parties selectively. Therefore, protecting personal information from misuse by unauthorized or non-trusted business entities (paragraph 278 discloses the data set of the user contains personal information)). Motivation is similar to the motivation presented in claim 14.
As to claim 20, the combination of Jalal in view of Lafever and Harp teaches wherein identification of first user private data is according to a prescribed scheme (Lafever: paragraph 23 discloses scheme of temporal data representation and DDIDs scheme are used for tracking and identification of user data (including personal data) (paragraph 278 discloses the data set of the user contains personal information)). Motivation is similar to the motivation presented in claim 14.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30am-4:00pm (EST). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at (571)270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. 
For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /F.F/Examiner, Art Unit 2437 /ALI S ABYANEH/Primary Examiner, Art Unit 2437

Prosecution Timeline

Oct 20, 2023
Application Filed
Jun 24, 2025
Non-Final Rejection — §103
Dec 24, 2025
Response Filed
Jan 26, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598186
INTELLIGENT RESOURCE ALLOCATION BASED ON SECURITY PROFILE OF EDGE DEVICE NETWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12579299
USING VENDOR-INDEPENDENT PROTOCOLS TO PERFORM IDENTITY AND ACCESS MANAGEMENT FOR ELECTRONIC MEDICAL RECORD INSTANCES
2y 5m to grant Granted Mar 17, 2026
Patent 12572694
DATA PROCESSING METHOD AND APPARATUS, ELECTRONIC DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 10, 2026
Patent 12561421
DIAGNOSE INSTRUCTION TO EXECUTE VERIFICATION CERTIFICATE RELATED FUNCTIONS
2y 5m to grant Granted Feb 24, 2026
Patent 12549630
System And Method for Managing Data Stored in A Remote Computing Environment
2y 5m to grant Granted Feb 10, 2026


Prosecution Projections

3-4
Expected OA Rounds
60%
Grant Probability
95%
With Interview (+34.8%)
3y 1m
Median Time to Grant
Moderate
PTA Risk
Based on 259 resolved cases by this examiner. Grant probability derived from career allow rate.
