System and method for implementing traceability to a data item

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the Applicant’s Amendment filed October 22, 2025. Claims 1-20 are pending and under examination in this case. Claims 1-20 are currently amended. Response to Arguments Applicant’s arguments, see REMARKS, filed October 22, 2025, with respect to the length of the abstract, have been fully considered and are persuasive. The objection to the abstract has been withdrawn. Applicant argues, firstly, that the combination of Kaidi and Yancey is improper. Examiner respectfully disagrees. The suggestion to combine need not be express and may come from the prior art, as filtered through the knowledge of one skilled in the art. Motorola, Inc. v. Interdigital Tech. Corp. 43 USPQ2d 1481 (Fed. Cir. 1997) Applicant argues, regarding claims 1, 8 and 15, as currently amended, that nothing in the cited references teaches, discloses, or suggests, two or more parameters comprising global positioning system (GPS) location information associated with the user device, an identification of an operating system (OS) associated with the user device, a timestamp of initiating a request to transfer a data item, or a device identifier associated with the user device, wherein the two or more parameters represent origin information of the data item. Examiner respectfully disagrees. Note that Kaidi does not specifically disclose parameters comprising an internet protocol (IP) address associated with the user device, an identification of an operating system (OS) associated with the user device, a timestamp of initiating a request to transfer a data item, a device identifier associated with the user device, and a user profile. However, Kaidi does disclose comparing multiple parameters which are stored and compared. See, e.g., Kaidi at table 1, where various parameters are matched or compared “Determine whether request 134 is part of a sequence of related actions . If the same set of actions that are all associated with a first IP address , these actions might be part of the same sequence . If the same set of actions subsequently occurs associated with a second IP address , even if the first IP address and second IP address do not match , this may indicate the same actor is using a script to perform the same actions using different IP addresses . . . Determine whether there are matches between sequence of requests received over a period of time from IP interlinked addresses that are associated with a particular user account ( e.g. , a list of the last five IP addresses the particular user account has used to log in ) . If interlinked IP addresses are used to perform the same sequence of events , this may indicate that the user account has been hijacked . . . After analyzing log entries associated with particular user accounts using a machine learning algorithm to identity typical use patterns , determine whether there are requests associated with a user account that indicate a deviation from the typical use patterns . A deviation in behavior may reflect a hijacked user account” However, the difference between one parameter or another are only found in the non-functional descriptive material and are not functionally involved in the steps recited. The various steps would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to a person of ordinary skill in the art at the time of applicant’s invention to use one or another parameter because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention. Applicant argues, regarding claims 1, 8 and 15, as currently amended, that nothing in the cited references teaches, discloses, or suggests two or more of an expected GPS location information, an expected identification of an expected OS, an expected timestamp of initiating the request, or an expected device identifier. Examiner respectfully disagrees. Kaidi does not specifically disclose parameters comprising an internet protocol (IP) address associated with the user device, an identification of an operating system (OS) associated with the user device, a timestamp of initiating a request to transfer a data item, a device identifier associated with the user device, and a user profile. However, Kaidi does disclose comparing multiple parameters which are stored and compared. See, e.g., Kaidi at table 1, where various parameters are matched or compared “Determine whether request 134 is part of a sequence of related actions . If the same set of actions that are all associated with a first IP address , these actions might be part of the same sequence . If the same set of actions subsequently occurs associated with a second IP address , even if the first IP address and second IP address do not match , this may indicate the same actor is using a script to perform the same actions using different IP addresses . . . Determine whether there are matches between sequence of requests received over a period of time from IP interlinked addresses that are associated with a particular user account ( e.g. , a list of the last five IP addresses the particular user account has used to log in ) . If interlinked IP addresses are used to perform the same sequence of events , this may indicate that the user account has been hijacked . . . After analyzing log entries associated with particular user accounts using a machine learning algorithm to identity typical use patterns , determine whether there are requests associated with a user account that indicate a deviation from the typical use patterns . A deviation in behavior may reflect a hijacked user account” However, the difference between one parameter or another are only found in the non-functional descriptive material and are not functionally involved in the steps recited. The various steps would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to a person of ordinary skill in the art at the time of applicant’s invention to use one or another parameter because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention. Applicant’s arguments with respect to claims 1, 8 and 15, as currently amended, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-6, 8-13, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaidi (US 2022/0247750) in view of Yancey (US 10,708,269) and Mack-Crane (US 20140334492), and further in view of Wei (US 2018/.0331773). Regarding claims 1, 8, and 15 – Kaidi teaches a system for implementing traceability to a data item, comprising: a user device (par 30) comprising: a first memory configured to store two or more parameters (par 22, 30); and a first processor operably coupled to the first memory, and configured to: receive the request to transfer the data item; (par 25, 23, 30) generate a data packet that comprises the request; (par 24, 30) and a gateway server communicatively coupled to the user device, (par 31) and comprising: a second memory configured to store a list of expected parameters associated with at least one user device from which at least one data packet is received, (par 26, 31); a second processor configured to: receive the data packet data packet appended with the two or more first headers; (table 1, 13, par 39); compare each parameter from among the two or more parameters with a counterpart parameter from among the list of expected parameters; (table 1, 14-18) determine whether more than a threshold number of the two or more parameters correspond to counterpart parameters from among the list of expected parameters; (table 1, 14-18) and in response to determining that more than the threshold number of the two or more parameters correspond to the counterpart parameters from among the list of expected parameters: communicate a request message, (par 29) wherein: the request message comprises the data packet; (par 29) and the request message further comprises instructions that cause the data packet to be transferred. (par 12, 29) Kaidi does not specifically disclose append headers to the data packet, wherein the two or more first headers comprise the two or more stored parameters. However, Kaidi does disclose append a first header to the data packet, wherein the one or more first headers comprise a stored parameters; (table 1, 13, par 39) Mack-Crane discloses, as Kaidi does not, appending multiple headers to a data packet (par 28). It would be obvious to one of ordinary skill in the art to combine Kaidi with Mack-Crane in order to more efficiently carry out packet-based communications. (Mack-Crane, par 3) Yancey discloses, as Kaidi does not, wherein each header comprises the two or more stored parameters; (col 10 ln 14-35) append a header to the data packet, wherein the header indicates that the data packet is valid. (col 10 ln 14-35) It would be obvious to one of ordinary skill in the art to combine Kaidi with the header of Yancey in order to sustain transaction security and the multiple headers of Mack-Crane in order to sustain transaction security. Mack-Crane discloses, as Kaidi does not, multiple headers to the data packet. (par 28) It would be obvious to one of ordinary skill in the art to combine Kaidi with the header of Yancey in order to sustain transaction security and the multiple headers of Mack-Crane in order to sustain transaction security. Wei discloses, as Kadi and Yancey do not, a header comprises a flag bit indicative of validity. (par 22, 47, abs ). It would be obvious to one of ordinary skill in the art to use the flag bit of Wei as a header, for more economical use of computer resources. (Wei, par 5) Kaidi does not specifically disclose parameters comprising global positioning system (GPS) location information associated with a user device, an identification of an operating system (OS) associated with the user device, a timestamp of initiating a request to transfer a data item, a device identifier associated with the user, wherein the two or more parameters represent origin information of the data item. However, the difference between one parameter or another are only found in the non-functional descriptive material and are not functionally involved in the steps recited. The various steps would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to a person of ordinary skill in the art at the time of applicant’s invention to use one or another parameter because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention. Kaidi does not specifically disclose wherein the list of expected parameters comprises two or more of an expected GPS location information, an expected identification of an expected OS, an expected timestamp of initiating the request, or an expected device identifier. However, the difference between one parameter or another are only found in the non-functional descriptive material and are not functionally involved in the steps recited. The various steps would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to a person of ordinary skill in the art at the time of applicant’s invention to use one or another parameter because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention. Regarding claims 2, 9, and 16 – Kaidi discloses an operation server communicatively coupled to the user device and the gateway server, the operation server comprises a third processor configured to: access the data packet; (par 39) and execute the instructions included in the request message. (par 12, 39) Mack-Crane discloses wherein the data packet is appended with the two or more first headers and the second header. (par 28) It would be obvious to one of ordinary skill in the art to combine Kaidi with the headers of Mack-Crane in order to more economically sustain transaction security. Regarding claims 3, 10, and 17 - Kaidi discloses wherein the second processor is further configured, for each parameter from among the two or more parameters, to: receive an application programming interface (API) request that indicates whether the parameter is valid; (table 1, 14-18) compare the parameter with a counterpart parameter from among the list of expected parameters; (table 1, 14-18) determine that the parameter corresponds to the counterpart parameter; (table 1, 14-18) and in response to determining that the parameter corresponds to the counterpart parameter, communicate an API response that indicates the parameter is valid. (table 1, 14-18) Regarding claims 4, 11, and 18 – Yancey discloses parameters are indicated in a (col 10 ln 14-35, col 4 ln 21-50) It would be obvious to one of ordinary skill in the art to combine Kaidi with the headers of Yancey in order to sustain transaction security. Mack-Crane discloses wherein the data packet is appended with the two or more first headers and the second header. (par 28) It would be obvious to one of ordinary skill in the art to combine Kaidi with the headers of Mack-Crane in order to more economically sustain transaction security. Regarding claims 5, 12, and 19 – Yancey discloses two or more parameters are indicated in a single header. (col 10 ln 14-35, col 4 ln 21-50) It would be obvious to one of ordinary skill in the art to combine Kaidi with the header of Yancey in order to sustain transaction security. Regarding clams 6 and 13 – Yancey teaches wherein the first processor is further configured to encrypt the two or more parameters. (col 4 ln 35-45). It would be obvious to one of ordinary skill in the art to combine Kaidi with the encryption of Yancey in order to sustain transaction security. Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaidi (US 2022/0247750) in view of Yancey (US 10,708,269), Mack-Crane (US 2014/0334492), Wei (US 2018/0331773) and further in view of Liebl et al (US 2015/0288694). Kaidi in view of Yancey, Mack-Crane and Wei discloses as above. Regarding claims 7, 14, and 20 – Liebl discloses that determining that more than the threshold number of the two or more parameters correspond to the counterpart parameters from among the list of expected parameters comprises determining that each parameter from among the one or more parameters corresponds to a counterpart parameter from among the list of expected parameters. (par 67-69) It would be obvious to one of ordinary skill in the art to combine Kaidi, Yancey, Mack-Crane, and Wei, with Liebl for greater control of resources. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Moridi (US 2021/0320947) discloses systems and methods for data privacy and security. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CRISTINA OWEN SHERR whose telephone number is (571)272-6711. The examiner can normally be reached 8:30 - 5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Cristina Owen Sherr/Examiner, Art Unit 3697 /JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697