DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to application 18/422,960 that the Applicant filed on January 25, 2024 and presented 20 claims. Original claims 1-20 remain pending in the application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Citation without an explanation – an explanation has been previously provided for the respective limitation(s).
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered superscript – a first phrase to be moved upwards to the primary reference analysis.
Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A. Claims 1-2, 4-5, 8-9, 11-12, 15-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 9,094,379, “Miller”) in view of McCaig (US 2021/0266300, “McCaig”), and further in view of Spies et al. (US 7,580,521, “Spies”).
Regarding Claim 1
Miller discloses
A method (Fig. 8, abstract) comprising:
receiving, from a first client device…1 of a personal data sharing platform, a request for a dataset…2 (Fig. 1, Col. 4:19-31, “When a user [with a first client device 120] 102, 104, to 106 requests to retrieve encrypted user data [dataset] from the content site 132 with the network application 122, encrypted user data is returned.”; and Col. 17:18-29, “At block 804, the encrypted user data is sent to a remote security server [personal data sharing platform] (such as the security system 170 [that receives the request] or the content site 132).”; see also McCaig ¶ [0031], “Provider client device can refer to a [first] client device (and associated provider user account) that provides personal data of the user to the personal data sharing platform 114. Recipient [first] client device can refer to a client device (or associated user account) that receives the personal data provided to the personal data sharing platform 114 by the provider user account.”; and);
receiving, from a second client device…3 of the personal data sharing platform, a first dataset…4 of the requested dataset (Fig. 8, Col. 17:18-29, “At block 802, encrypted user data [first dataset] associated with a remote content site is obtained [from a second client device]. The security module 126 can obtain this encrypted user data. At block 804, the encrypted user data is sent [to be received] to a remote security server [personal data sharing platform] (such as the security system 170 or the content site 132).”),
wherein the one or more {personal data values (McCaig ¶ [0015])} are encrypted using at least a first public key (Col. 16:65-17:11, “In one embodiment, encryption is performed by the client device 120 (e.g., via one or more public keys), while signing and decryption are performed by both the client device 120 and the security system 170. The client device 120 and the security system 170 can each have different private keys (e.g., data encryption keys) [and a corresponding first public key] that are both used for signing and/or decryption [encryption]. Advantageously, such hybrid client-server cryptography can enhance security of user data by guarding against loss or theft of one of the two private keys. FIGS. 8 and 9 illustrate more detailed embodiments of hybrid client-server cryptography.”); and
responsive to the request for the dataset having the attributes associated with personal data (Fig. 1, Col. 4:19-31, McCaig ¶ [0015]),
providing, to the first client device, the first dataset comprising the one or more encrypted personal data values (Col. 17:18-39, “At block 806, partially-decrypted [and thus partially encrypted] user data [first dataset] is received [by the first client device] from the remote security server and is decrypted at block 808 to obtain the user data.”; and McCaig ¶ [0015]) and
partially decrypted information…5 (Miller Col. 17:18-29, “In response, the remote security server can use its private key to partially decrypt the encrypted user data [that is subsequently provided to the first client device for further decryption].”),
wherein the first private key is configured to at least partially decrypt the one or more encrypted personal data values (Col. 17:30-39, “At block 806, partially-decrypted user data is received from the remote security server and is decrypted at block 808 to obtain the user data. The security module 126 can receive the partially-decrypted user data [encrypted personal data values] and direct it to the cryptography manager 124 for further decryption using a second [first] private key [as obtained as disclosed by Spies Fig. 4, Col. 3:32-57]”).
Miller doesn’t disclose
1 …associated with a first user account…
2 …having attributes associated with personal data;
3 …associated with a second user account…
4 …comprising one or more personal data values that correspond to the attributes…
5 …for obtaining a first private key corresponding to the first public key of a key pair,….
McCaig, however, discloses
1 …associated with a first user account… (Fig. 3, ¶ [0062], “In some embodiments, a user account (either of the provider user account or recipient [first] user account) can suggest one or more of a data category or data packet type (e.g., the attributes therein) for approval by the personal data sharing platform 114 (e.g., moderator server 107).”),
2…having attributes associated with personal data (¶ [0015], “A data packet type can specify attributes of personal data.”);
3 …associated with a second user account… (Fig. 3, ¶ [0062], “In some embodiments, a user account (either of the provider [second] user account or recipient user account) can suggest one or more of a data category or data packet type (e.g., the attributes therein) for approval by the personal data sharing platform 114 (e.g., moderator server 107).”)
4 …comprising one or more personal data values that correspond to the attributes… (¶ [0015], “For example, a data packet type in the health category can specify the attributes of age, height, gender, and pulse rate [as personal data values], etc.”)
Regarding the combination of Miller and McCaig, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the data sharing system of Miller to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the data sharing system of Miller, upon which the claimed invention can be seen as an “improvement” through the use of account and data attribute features;
2) the prior art contained a “comparable” system, namely the data sharing system of McCaig, that has been improved in the same way as the claimed invention through the account and data attribute features; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the account and data attribute features to the base data sharing system of Miller, and the results would have been predictable to one of ordinary skill in the art.
Spies, however, discloses
5 … for obtaining a first private key corresponding to the first public key of a key pair (Fig. 4, Col. 3:32-57, “Once the recipient has used the less-sensitive outer-layer IBE [first] public key to obtain the outer-layer IBE [first] private key,...”,
Regarding the combination of Miller-McCaig and Spies, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the data sharing system of Miller-McCaig to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the data sharing system of Miller-McCaig, upon which the claimed invention can be seen as an “improvement” through the use of a cascading cryptography feature;
2) the prior art contained a “comparable” system, namely the cryptography system of Spies, that has been improved in the same way as the claimed invention through the cascading cryptography feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the cascading cryptography feature to the base data sharing system of Miller-McCaig, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 2
Miller in view of McCaig, and further in view of Spies (“Miller-McCaig-Spies”) discloses the method of claim 1, and McCaig further discloses
wherein: each personal data value of the one or more personal data values of the first dataset is individually encrypted using the first public key (¶ [0052], “In some embodiments, client device, such as client device 103A, can use a cryptographic key, such as a public key provided by personal data sharing platform 114, to individually encrypt the data values of data packet prior to sending a data packet to personal data sharing platform 114.”), and
the first dataset further comprises the attributes associated with personal data in an unencrypted state (¶ [0052], “ In some embodiments, the one or more corresponding attributes of the data structure [first data set] are unencrypted.”; and “The attribute of the attribute-value pair 205A is gender [personal data], which is unencrypted,...”).
Regarding the combination of Miller and McCaig, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2.
Regarding Claim 4
Miller-McCaig-Spies discloses the method of claim 1, and McCaig further discloses
further comprising providing, to the second client device associated with the second user account, the first public key (¶ [0052], “In some embodiments, client device, such as [second] client device 103A, can use a cryptographic key, such as a [first] public key provided by personal data sharing platform 114, to individually encrypt the data values of data packet prior to sending a data packet to personal data sharing platform 114.”).
Regarding the combination of Miller and McCaig, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.
Regarding Claim 5
Miller-McCaig-Spies discloses the method of claim 1, and McCaig further discloses
wherein providing the first dataset to the first client device (Miller Col. 17:18-39, McCaig ¶ [0015]) is further responsive to receiving, at the personal data sharing platform, an indication that a value item was transferred from a first account associated with the first user account to a second account associated with the second user account (¶¶ [0099]-[0100], “At operation 346, personal data sharing platform 114 evaluates whether a value item has been transferred. In some embodiments and as noted above, the request for data packets can identify a value item that can be transferred [from a first user account associated with the request as a data consumer] to any provider user [and associated account] (via the third-party value item platform) that accepts the data packet request and where the response of acceptance is approved by the personal data sharing platform 114 (e.g., based on fulfillment or non-fulfillment of the data packet request).”).
Regarding Independent Claims 8 and 15
With respect to independent claims 8 and 15, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims 8 and 15. Therefore, claims 8 and 15 are rejected, for similar reasons, under the grounds set forth for claim 1.
Regarding Dependent Claims 9, 11-12, 16-17 and 19
With respect to dependent claims 9, 11-12, 16-17, and 19, a corresponding reasoning as given earlier for dependent claims 2 and 4-5 applies, mutatis mutandis, to the subject matter of claims 9, 11-12, 16-17, and 19. Therefore, claims 9, 11-12, 16-17, and 19 are rejected, for similar reasons, under the grounds set forth for claims 2 and
4-5.
B. Claims 3, 10, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Miller in view of McCaig and Spies, and further in view of Winstrom (US 2021/0359835, “Winstrom”).
Regarding Claim 3
Miller-McCaig-Spies discloses the method of claim 1, and Miller further discloses
further comprising, generating the first public key and the first private key…1 (Col. 16:65-17:11, 17:30-39).
Miller-McCaig-Spies doesn’t disclose
1 …responsive to receiving the request for the dataset.
Winstrom, however, discloses
1 …responsive to receiving the request for the dataset (¶ [0025], “In an embodiment, the data requesting party (e.g., a third party requesting server 108) may generate a participant encryption key (e.g., a homomorphic public/private key pair) with a key generation service 107 which is provided to the set of participant devices in device groups 110, 111, and 112. A participant device 110 a may encrypt the requested data for the participant device 110 a with the received participant encryption key and send the data to the aggregation service 106 (e.g., at the aggregation service server 102).”).
Regarding the combination of Miller-McCaig-Spies and Winstrom, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the data sharing system of Miller-McCaig-Spies to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the data sharing system of Miller-McCaig-Spies, upon which the claimed invention can be seen as an “improvement” through the use of a key generation feature;
2) the prior art contained a “comparable” system, namely the data aggregation system of Winstrom, that has been improved in the same way as the claimed invention through the key generation feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the key generation feature to the base data sharing system of Miller-McCaig-Spies, and the results would have been predictable to one of ordinary skill in the art.
Regarding Dependent Claims 10 and 18
With respect to dependent claims 10 and 18, a corresponding reasoning as given earlier for dependent claim 3 applies, mutatis mutandis, to the subject matter of claims 10 and 18. Therefore, claims 10 and 18 are rejected, for similar reasons, under the grounds set forth for claim 3.
Allowable Subject Matter
Claims 6-7, 13-14, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WILLIAM KORZUCH can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/D'Arcy Winston Straub/Primary Examiner, Art Unit 2491