SCALABLE, CONTEXT-BASED ANONYMISATION OF SENSOR DATA

§102 §103

Notice of Pre-AIA or AIA Status 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2. EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019. 3. This communication is in response to Applicant’s Preliminary Amendment filed on 29 November 2024. Claims 1, 4-10, and 12-16 have been amended. Claims 1-16 remain pending. Information Disclosure Statement 4. The Information Disclosure Statements respectfully submitted on 29 November 2024 and 30 June 2025 have been considered by the Examiner. Claim Objections 5. Claims 15 and 16 are objected to because of the following informalities: Claims 15 and 16 recites an inactive system and inactive non-transitory computer readable storage medium which does not actively perform the steps of executing any instructions on a computer, processor, or a programmable hardware component that produce actual results. Claims 15 and 16 appear to be merely “short cut” independent claims which fail to further limit the claim and should be fully written out in an independent format and recite the necessary components of a system claim and a non-transitory computer readable storage medium similar to independent claim 1. Claims 15 and 16 recite “any of the methods of claim 1” need to be changed as there is only one method recited in claim1. Appropriate correction is required. Claim Rejections - 35 USC § 102 6. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. 7. Claims 1-9 and 12-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Enoki et al. (Pub No. 20120331564). Referring to the rejection of claim 1, Enoki et al. discloses a computer-implemented method of obfuscating user sensor data, the method comprising: collecting sensor data from one or more sensors of one or more user devices; (See Enoki et al., para. 45, i.e., In step ST1, the information processing apparatus, item 20 generates behavior information. The behavior information generating unit, item 201 of the information processing apparatus generates behavior information representing a current position, a moving status, or the like using a position detecting sensor, an acceleration sensor, a microphone) assessing the user's current behaviour from the sensor data, and determining that an obfuscation period is required; (See Enoki et al., para. 46 and 48, In step ST2, the information processing apparatus analyzes a behavior pattern. The behavior pattern analyzing unit, item 202 of the information processing apparatus analyzes a behavior pattern such as a moving path on which the user is traveling, a behavior that the user is performing, a time slot in which the user is performing the behavior, or the like, based on the behavior information generated in step ST1, and since it is determined that the behavior pattern is similar to the protection target behavior history pattern, the protection selecting unit, item 204 of the information processing apparatus selects a protection level to protect the behavior information of the behavior pattern) during the obfuscation period, generating obfuscated sensor data for the one or more sensors, different to the collected sensor data, and providing the obfuscated sensor data to the one or more programs on the one or more user devices; (See Enoki et al., para. 64, i.e., Further, when a high protection level is set, the behavior information protecting unit 205 may encrypt information to increase confidentiality of behavior information (behavior history information) having a high protection level or may replace information with fake information) wherein, during the obfuscation period, providing the obfuscated sensor data to the one or more programs on the one or more user devices includes one or both of: a phased-in period at the beginning of the obfuscation period during which the obfuscated data initially matches the collected sensor data before deviating from the collected sensor data; a phased-return period at the end of the obfuscation period during which the obfuscated data returns to match the collected sensor data. (See Enoki et al., para. 48 and 68, i.e., the protection is set based on the behavior pattern and a behavior history information recording unit, item 206a of the information processing apparatus, item 20a records behavior information protected according to the protection level selected by a behavior information protecting unit, item 205 in a recording medium as behavior history information. The behavior history information recording unit perform communication with the server, item 40a perform a process of causing behavior history information of the information processing apparatus recorded in the behavior history information recording unit, item 401 to match behavior history information recorded in the behavior history information recording unit of the information processing apparatus) Referring to the rejection of claim 2, Enoki et al. discloses wherein the method further comprises: generating a user profile, the user profile comprising historical user behaviour; wherein assessing the user's current behaviour from the sensor data comprises comparing the user's current behaviour with the historical user behaviour stored in the user profile. (See Enoki et al., para. 68, i.e., A behavior history information recording unit of the information processing apparatus records behavior information protected according to the protection level selected by a behavior information protecting unit in a recording medium as behavior history information. The behavior history information recording unit is configured to perform communication with the server via the network. The behavior history information recording unit performs communication with the server and records new behavior information in a behavior history information recording unit of the server each time new behavior information is recorded, each time new behavior information is recorded a predetermined number of times, at predetermined intervals, or each time a predetermined time elapses. The behavior history information recording unit perform communication with the server and perform a process of causing behavior history information of the information processing apparatus recorded in the behavior history information recording unit to match behavior history information recorded in the behavior history information recording unit of the information processing apparatus) Referring to the rejection of claim 3, Enoki et al. discloses wherein: the generated obfuscated sensor data comprises data based upon the historical data stored in the user profile. (See Enoki et al., para. 43, i.e., when the amount of behavior history information representing the protection target area is large, it is assumed that the protection target behavior history pattern can represent the behavior history information to be protected with a high degree of accuracy, compared to when the amount of behavior history information representing the protection target area is small. Thus, when the amount of behavior history information used to decide the protection target behavior history pattern is small, a large path width can be set to the moving path represented by the protection target behavior history pattern, and so a determination that there is a similarity is likely to be made) Referring to the rejection of claim 4, Enoki et al. discloses wherein: the user's current behaviour from the sensor data is assessed throughout the obfuscation period; and when it is determined from the assessing of the user's current behaviour from the sensor data that the obfuscation period is no longer required, ending the obfuscation period. (See Enoki et al., para. 57-59, i.e., The protection target behavior history pattern database unit update the database each time new behavior information is recorded in the behavior history information recording unit or each time new behavior information is recorded a predetermined number of times. The database can be constantly kept updated and it is possible to protect the behavior history information representing the behavior pattern which passes through the protection target area set by the user in a predetermined time slot, or leaves or arrives at the position of the protection target area in a predetermined time slot. The behavior history information of a behavior pattern desired to be concealed can be automatically protected even if the user does not explicitly determine whether or not to protect each time) Referring to the rejection of claim 5, Enoki et al. discloses wherein: the generated obfuscated sensor data comprises random data. (See Enoki et al., para. 60, i.e., Protection of behavior history information is not limited to the above-described operation, and setting of a protection target area, a similarity determination criterion, a protection level selecting criterion, or a degree of a protection level may be changed according to behavior history information to be protected) Referring to the rejection of claim 6, Enoki et al. discloses wherein: the generated obfuscated sensor data comprises sensor data collected from one or more sensors of another user device, separate from the one or more user devices. (See Enoki et al., para. 106-107, i.e., two information terminals, items 20-1 and 20-2 has separate protection behavior pattern databases, items 207-1 and 207-2 for storing encrypted data that is collected) Referring to the rejection of claim 7, Enoki et al. discloses wherein: the obfuscated sensor data is generated based upon obfuscated sensor data generated for a different user's device. (See Enoki et al., para. 8, i.e., the registered protection target behavior history pattern is updated when new behavior information is generated or updated using a protection target behavior history pattern supplied from the outside. The protection level of the behavior history information is changeable) Referring to the rejection of claim 8, Enoki et al. discloses the method further comprising: providing the obfuscated sensor data to one or more programs running on the one or more user devices during the obfuscation period, instead of the collected sensor data. (See Enoki et al., para. 98, i.e., the behavior information protecting unit 414 encrypt the behavior information to increase confidentiality of the behavior information and when the protection level is set to be high, encryption of information, replacement with fake information, and the like are performed) Referring to the rejection of claim 9, Enoki et al. discloses wherein the length of the phased-in period and/or the phased-return period is selected based on the user's current behaviour. (See Enoki et al., para. 92, i.e., The behavior information generating unit generates behavior information representing the detected current position, the estimated moving status, or the like, and records the behavior information in the behavior history information recording unit) Referring to the rejection of claim 12, Enoki et al. discloses wherein the one or more sensors comprises any one or more of a microphone, a camera, an accelerometer, a magnetometer, a photosensor, an image sensor, a heartrate sensor, or a fingerprint scanner. (See Enoki et al., para. 34, i.e., The behavior information generating unit 201 is configured with a position detecting sensor that detects a current position based on a received radio signal, an acceleration sensor, a microphone, and the like. For example, the position detecting sensor receives a positioning signal using a global positioning system (GPS), and detects a current position and a time. The current position and a time may be detected using a signal received from a base station of a mobile telephone, or a current position may be detected by acquiring position information of a router based on an address included in a signal received from the router in WiFi (wireless fidelity) or the like. The acceleration sensor detects a motion of an information processing apparatus, and can estimate a moving status, such as whether a user is walking or a user is moving by an electric train. The moving status may be estimated with a high degree of accuracy using an ambient sound collected by a microphone as well as a motion. The behavior information generating unit generates behavior information representing a current position, a moving status, or the like based on a signal from the position detecting sensor, the acceleration sensor, the microphone, or the like, and then outputs the generated behavior information to the behavior pattern analyzing unit) Referring to the rejection of claim 13, Enoki et al. discloses wherein the method is implemented at the operating system level of the of the one or more user devices. (See Enoki et al., para. 74, i.e., the information provision processing unit supplies information according to the access permission level of the determined client, when the protection level of the behavior history information requested by the client is a protection level in which provision of information is permitted at the access permission level of the client, the information provision processing unit reads the behavior history information requested by the client from the behavior history information recording unit) Referring to the rejection of claim 14, Enoki et al. discloses wherein the assessing the user's current behaviour step is performed continuously. (See Enoki et al., para. 92, i.e., The behavior information generating unit detects a current position by the position detecting sensor. The behavior information generating unit generates behavior information representing the detected current position, the estimated moving status, or the like, and records the behavior information in the behavior history information recording unit) Referring to the rejection of claim 15, Enoki et al. discloses a system comprising: (See Enoki et al., para. 67 and 90, i.e., information processing system, items 10(a) and 10(b) one or more user devices, each user device comprising: (See Enoki et al., para. 67 and 90, i.e., client devices, items 50-1 and 50-n) one or more processors; (See Enoki et al., para. 67 and 90, i.e., information processing apparatus, items 20(a) and 20(b) a non-transitory memory; (See Enoki et al., para. 125, i.e., recording medium such as a hard disk or ROM) and one or more programs, wherein the one or more programs are stored in the non-transitory memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing any of the methods of claim 1. (See Enoki et al., para. 124-125, i.e., the program may be recorded in a recording medium such as a hard disk or ROM and executed by a general-purpose computer) Referring to the rejection of claim 16, Enoki et al. discloses a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by an electronic device with one or more processors, cause the electronic device to perform any of the methods of claim 1. (See Enoki et al., para. 124-125, i.e., recording medium such as a hard disk or ROM for storing one or more programs and the program may be recorded in a recording medium such as a hard disk or ROM and executed by a general-purpose computer) Claim Rejections - 35 USC § 103 8. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 9. Claims 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Enoki et al. (Pub No. 2012/0331564) in view of Chakraborty et al. (Pub No. 2018/0300505). Enoki et al. discloses the invention as described above, however, Enoki et al. fail to disclose setting a scale of obfuscation; and generating the obfuscated sensor data for the one or more sensors during the obfuscation period according to the scale of obfuscation. Chakraborty et al. discloses a system and method for deniable obfuscation of user locations. Referring to the rejection of claim 10, (Enoki et al. modified with Chakraborty et al.) discloses wherein the method further comprises: setting a scale of obfuscation; and generating the obfuscated sensor data for the one or more sensors during the obfuscation period according to the scale of obfuscation. (See Chakraborty et al., para. 16-18, i.e., The level of obfuscation of a geographic location, if any, is based at least in part on a trust level associated with the application. The trust level of an application can be user modifiable and entered by the user as part of installing the application. a plurality of thresholds is utilized, with each threshold associated with a different level of obfuscation. For example, if a semantic location is the user's office, levels of obfuscation can include: office, building, county, state, and country, each associated with a different threshold. In this case, if the trust level of an application does not meet the threshold associated with the building but it does meet the threshold associated with the county, this means that the obfuscated user location should be outside of the building to hide the user's current geographic location, but within the county in order retain plausibility of the obfuscated user location as being valid) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Enoki et al.’s information processing apparatus for concealing and protecting user’s behavior history modified with Chakraborty et al.’s system and method for deniable obfuscation of user locations. Motivation for such an implementation would enable obfuscated geographic location that preserves the geographic location of the user. (See Chakraborty et al., Abstract) Referring to the rejection of claim 11, (Enoki et al. modified with Chakraborty et al.) discloses wherein: the scale of obfuscation is dynamically changed during the obfuscation period in response to changes in the user's current behaviour; and the generated obfuscated sensor data is generated according to the changed scale of obfuscation. (See Chakraborty et al., para. 12-13, i.e., In accordance with one or more embodiments of the invention described herein, an application cannot tell when the user location data that it accesses has been obfuscated to hide the actual geographic location of the user. In addition, because certain use cases justify access to the actual user geographic location, the decision on when and how to obfuscate the user location becomes contextual (i.e. context recognition) The rationale for combining Enoki et al. in view of Chakraborty et al. is the same as claim 10. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /COURTNEY D FIELDS/Examiner, Art Unit 2436 March 25, 2026 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436