DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The preliminary amendment filed 5/3/2024 has been placed of record in the file.
Claims 1, 2, and 5-14 are presented for examination.
The IDS filed 5/14/2024, the IDS filed 5/14/2024, the IDS filed 5/14/2024, and the IDS filed 1/18/2025 have been considered.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 2, and 5-14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Barday et al. (U.S. Patent Application Publication Number 2018/0341784), hereinafter referred to as Barday.
Regarding claim 1, Barday discloses a tangible non-transitory computer readable storage media, including program instructions loaded into memory that, when executed on processors, cause the processors to implement a method of responding to right to be forgotten requests (paragraph 163, right to be forgotten), the method including: a cloud access security broker (abbreviated CASB) controlling exfiltration of consumer data stored on cloud-based services by a service provider (paragraph 165, Subject Access Request Module, and paragraph 186, cloud-based servers); in response to receiving a right to be forgotten request from a particular consumer, the CASB identifying one or more locations on one or more of the cloud-based services at which consumer data for the particular consumer is stored (paragraph 165, request to delete personal data, and paragraph 166, identify database, server, etc.); the CASB performing deep inspection of the consumer data stored at the identified locations and detecting at least some sensitive data related to the particular consumer in the consumer data (paragraph 166, intelligent identity scanning); and the CASB fulfilling the right to be forgotten request by removing the detected sensitive data from the cloud-based services (paragraph 169, facilitate deletion of personal data).
Regarding claim 2, Barday discloses program instructions that, when executed on processors, cause the processors to implement the method including: in addition to removing the detected sensitive data from the cloud-based services, the CASB providing the detected sensitive data to the particular consumer (paragraph 169, display personal data).
Regarding claim 5, Barday discloses program instructions that, when executed on processors, cause the processors to implement the method, wherein the sensitive data in the consumer data is personal data referenced by an identifier including name, identification number, location data, and online identifier; removing records referenced by the identifier of the particular consumer (paragraph 183, unique subject identifier used to fulfill data subject access request, and paragraph 218, unique subject identifier is unique user ID, e-mail address, etc.).
Regarding claim 6, Barday discloses program instructions that, when executed on processors, cause the processors to implement the method including: erasing any information directly or indirectly identified as related to an identifiable person corresponding to the right to be forgotten request appearing in records containing the detected sensitive data from the cloud-based services (paragraph 2, personal data includes PII).
Regarding claim 7, Barday discloses a method of responding to right to be forgotten requests (paragraph 163, right to be forgotten), the method including: a cloud access security broker (abbreviated CASB) controlling exfiltration of consumer data stored on cloud-based services by a service provider (paragraph 165, Subject Access Request Module, and paragraph 186, cloud-based servers); in response to receiving a right to be forgotten request from a particular consumer, the CASB identifying one or more locations on one or more of the cloud-based services at which consumer data for the particular consumer is stored (paragraph 165, request to delete personal data, and paragraph 166, identify database, server, etc.); the CASB performing deep inspection of the consumer data stored at the identified locations and detecting at least some sensitive data related to the particular consumer in the consumer data (paragraph 166, intelligent identity scanning); and the CASB fulfilling the right to be forgotten request by removing the detected sensitive data from the cloud-based services (paragraph 169, facilitate deletion of personal data).
Regarding claim 8, Barday discloses program instructions that, when executed on processors, cause the processors to implement the method including: in addition to removing the detected sensitive data from the cloud-based services, the CASB providing the detected sensitive data to the particular consumer (paragraph 169, display personal data).
Regarding claim 9, Barday discloses wherein the sensitive data in the consumer data is personal data referenced by an identifier including name, identification number, location data, and online identifier; further including removing records referenced by the identifier of the particular consumer (paragraph 183, unique subject identifier used to fulfill data subject access request, and paragraph 218, unique subject identifier is unique user ID, e-mail address, etc.).
Regarding claim 10, Barday discloses erasing any information directly or indirectly identified as related to an identifiable person corresponding to the right to be forgotten request appearing in records containing the detected sensitive data from the cloud-based services (paragraph 2, personal data includes PII).
Regarding claim 11, Barday discloses a system for responding to requests to be forgotten (paragraph 163, right to be forgotten), the system including a processor, memory coupled to the processor, and computer instructions loaded into memory that, when executed on processors, cause the processors to implement a method including: a cloud access security broker (abbreviated CASB) controlling exfiltration of consumer data stored on cloud-based services by a service provider (paragraph 165, Subject Access Request Module, and paragraph 186, cloud-based servers); in response to receiving a right to be forgotten request from a particular consumer, the CASB identifying one or more locations on one or more of the cloud-based services at which consumer data for the particular consumer is stored (paragraph 165, request to delete personal data, and paragraph 166, identify database, server, etc.); the CASB performing deep inspection of the consumer data stored at the identified locations and detecting at least some sensitive data related to the particular consumer in the consumer data (paragraph 166, intelligent identity scanning); and the CASB fulfilling the right to be forgotten request by removing the detected sensitive data from the cloud-based services (paragraph 169, facilitate deletion of personal data).
Regarding claim 12, Barday discloses in addition to removing the detected sensitive data from the cloud-based services, the CASB providing the detected sensitive data to the particular consumer (paragraph 169, display personal data).
Regarding claim 13, Barday discloses wherein the sensitive data in the consumer data is personal data referenced by an identifier including name, identification number, location data, and online identifier; further including removing records referenced by the identifier of the particular consumer (paragraph 183, unique subject identifier used to fulfill data subject access request, and paragraph 218, unique subject identifier is unique user ID, e-mail address, etc.).
Regarding claim 14, Barday discloses erasing any information directly or indirectly identified as related to an identifiable person corresponding to the right to be forgotten request appearing in records containing the detected sensitive data from the cloud-based services (paragraph 2, personal data includes PII).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1, 2, and 5-14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent Number 11,416,641 in view of Barday.
Claim 1 of the ‘641 Patent discloses the features of the independent claims of the present invention except for the features of the right to be forgotten request and the removing the detected sensitive data. However, Barday teaches these features as discussed in the prior art rejection above. It would have been obvious to one of ordinary skill in the art to modify the teachings of the ‘641 Patent in this way so as to better manage personal data in a manner that complies with legal and industry requirements (see Barday, paragraph 3). Concerning the dependent claims of the present invention, Barday teaches these features as discussed in the prior art rejection above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Muffat et al. (U.S. Patent Application Publication Number 2020/0250139) disclosed techniques for sensitive personal information linking.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Victor Lesniewski/Primary Examiner, Art Unit 2493