DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/05/2026 has been entered. Claims 1, 8 and 15 have been amended. Claims 1-20 are pending.
Response to Arguments
Applicant’s arguments filed 02/05/2026 have been considered but are moot in view of new ground of rejection.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent application No. 18/301,656 (hereinafter 656’ application). Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 1-20 of the present application correspond to elements of claims 1-20 of the 656’application. Claims 1-20 of the present application would have been obvious over claims 1-20 of the 656’ application because each element of the claims of the present application is anticipated by the claims of 656’ application.
This is a provisional nonstatutory double patenting rejection.
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,630,918 B2 (hereinafter 918’ patent). Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 1-20 of the present application correspond to elements of claims 1-20 of the 918’ patent. Claims 1-20 of the present application would have been obvious over claims 1-20 of the 918’ patent because each element of the claims of the present application is anticipated by the claims of 918’ patent.
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 10,599,872 B2 (hereinafter 872’ patent). Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 1-20 of the present application correspond to elements of claims 1-16 of the 872’ patent. Claims 1-20 of the present application would have been obvious over claims 1-16 of the 872’ patent because each element of the claims of the present application is anticipated by the claims of 872’ patent.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-6 and 8-16 are rejected under 35 U.S.C. 103 as being unpatentable over Cohen US 10,296,918 B1 in view of Schuette et al. US 2014/0059355 A1 [hereinafter Schuette] and further in view of Yan US 8,600,872 B1.
As per claims 1, 8 and 15, Cohen teaches a compromised data exchange system, comprising: a network interface; one or more processors; and a memory coupled with the one or more processors, the memory storing instructions thereon that, when executed, cause the one or more processors to:
receive personally identifying information (PII) data from an at-risk entity [column 5, lines 7-34];
the compromised data comprise data scraped from one or more unauthorized data sources [column 8, lines 24-54];
access compromised data from a database [column 5, lines 7-34],
determine that at least a portion of the PII data matches a portion of the compromised data [column 8, lines 24-54];
assign a risk assessment score to the at least a portion of the PII data [column 9, line 44-column 10, line 30]; and
provide the risk assessment score to the at-risk entity [column 9, line 44-column 10, line 30].
In the same field of endeavor, Schuette teaches a data protections system wherein the compromised data is encrypted [paragraphs 0038-0040]; encrypt the PII data using a same set of encryption keys as the compromised data [paragraphs 0038-0040]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Schuette within the system of Cohen in order to enhance the security of the system by securing PII data using cryptography.
In the same field of endeavor, Yan teaches a compromised data exchange system comprising a processor: to receive from an at-risk entity, personally identifying information (PII) [column 6, line 57-column 7, line 14]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Yan within the system of Cohen and Schuette in order to enhance the security of the system by providing collecting from at-risk entity PII data for risk mitigation.
As per claim 2, the combination of Cohen, Schuette and Yan teach the claim limitations as indicated above. Yan further teaches the system wherein: the at-risk entity comprises a consumer [column 6, line 57-column 7, line 14]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Yan within the system of Cohen and Schuette in order to enhance the security of the system by providing collecting from at-risk entity PII data for risk mitigation.
As per claim 3, Cohen further teaches the system wherein the instructions further cause the one or more processors to: the compromised data is disassociated [column 9, line 44-column 10, line 30].
As per claim 4, Schuette further teaches the system wherein: each data field within the compromised data is encrypted using a different encryption key [paragraphs 0038-0040]; encrypt the PII data using a same set of encryption keys as the compromised data [paragraphs 0038-0040]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Schuette within the system of Cohen in order to enhance the security of the system by securing PII data using cryptography.
As per claim 5, Cohen further teaches the system wherein: each item of the compromised data is stored with a breach identifier that corresponds with a data exposure event in which the item of the compromised data was exposed [column 9, line 44-column 10, line 30].
As per claim 6, Cohen teaches the system wherein: at least one item of data within the at least a portion of the PII data matches multiple items of data within the compromised data [column 9, line 44-column 10, line 30].
As per claim 9, Schuette further teaches the method wherein: the PII data received from the at-risk entity is encrypted and the method further comprises decrypting the PII data prior to encrypting the PII data using a same set of encryption keys as the compromised data [paragraphs 0038-0040]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Schuette within the system of Cohen in order to enhance the security of the system by securing PII data using cryptography.
As per claim 10, Cohen further teaches the method wherein: accessing the compromised data from the database comprises retrieving the compromised data from one or more compromised entities [column 9, line 44-column 10, line 30].
As per claim 11, Cohen further teaches the method further comprising: each item of the compromised data comprises a date of an associated data breach, a size of the associated data breach, and a code indicating how the item of the compromised data was lost or stolen [column 9, line 44-column 10, line 30].
As per claim 12, Cohen further teaches the method further comprising: searching data from multiple data sources to identity whether any of the PII data matches data from one or more of the multiple data sources, wherein the risk score is assigned based, at least in part, on whether any of the PII data matches data from one or more of the multiple data sources [column 9, line 44-column 10, line 30].
As per claim 13, Cohen further teaches the method wherein: at least one data source of the multiple data sources comprises a website that is not indexed on search engines [column 9, line 44-column 10, line 30].
As per claim 14, Cohen further teaches the method further comprising: sending the PII data to one or more compromised entities [column 9, line 44-column 10, line 30].
As per claim 16, Schuette further teaches the medium wherein the instructions further cause the one or more processors to: receive disassociated and encrypted PII data from a compromised entity, re-encrypt the disassociated and encrypted PII data to produce a portion of the compromised data and store the portion of the compromised data in the database [paragraphs 0038-0040]. It would have been obvious to one having ordinary skill in the art before the filing date of the application to employ the teachings of Schuette within the system of Cohen in order to enhance the security of the system by securing PII data using cryptography.
Allowable Subject Matter
Claims 7 and 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and by overcoming the Double Patenting rejections indicated above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
BEEMNET W. DADA
Primary Examiner
Art Unit 2435
/BEEMNET W DADA/Primary Examiner, Art Unit 2435