DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on March 20, 2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function. Such claim limitation(s) is/are: “token management system is configured to organize data/determine…that the agent is authorized/grant the temporary access/remove the PII” in claim 1.
Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-5, 8, 11-15, 18, 21-25, 28, and 31-33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2, 7, 10-12, 15, 18, and 19 of U.S. Patent No. 12,141,326. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are anticipated by the earlier filed patented claims in that the claims of the ‘326 patent contain all of the limitations of the instant application.
Claims 1 and 2 of the instant application corresponds to claim 1 of the ‘326 patent;
Claims 3 and 4 of the instant application corresponds to claim 2 of the ‘326 patent;
Claim 5 of the instant application corresponds to claim 7 of the ‘326 patent;
Claim 8 of the instant application corresponds to claim 2 of the ‘326 patent;
Claims 11 and 12 of the instant application corresponds to claim 11 of the ‘326 patent;
Claims 13 and 14 of the instant application corresponds to claim 12 of the ‘326 patent;
Claim 15 of the instant application corresponds to claim 15 of the ‘326 patent;
Claim 18 of the instant application corresponds to claim 12 of the ‘326 patent;
Claims 21 and 22 of the instant application corresponds to claim 18 of the ‘326 patent;
Claim 23 and 24 of the instant application corresponds to claim 19 of the ‘326 patent;
Claim 25 of the instant application corresponds to claim 15 of the ‘326 patent;
Claim 28 of the instant application corresponds to claim 19 of the ‘326 patent; and
Claim 31 of the instant application corresponds to claim 1 of the ‘326 patent;
Claim 32 of the instant application corresponds to claim 10 of the ‘326 patent; and
Claim 33 of the instant application corresponds to claim 10 of the ‘326 patent.
Claims 1-5, 8, 11-15, 18, 21-25, 28, and 31-33 of the instant application therefore are not patentably distinct from the earlier filed ‘326 patented claims, and as such, is unpatentable for obvious-type double patenting.
Claims 9, 10, 19, 20, 29, and 30 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2, 12, and 19 of U.S. Patent No. 12,141,326 in view of Okuda et al, U.S. Patent 12,513,556.
As per claim 9 (and accordingly claim 19 and claim 29) the ‘326 patent recites of training with a digital twin of a previous access event in claims 2, 12, and 19. However, the ‘326 patent fails to claim wherein the digital twin includes a secure clock operating under control of a provider.
Okuda et al discloses of a digital twin includes a secure clock operating under control of a provider, col. 6, lines 9-15. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to have been motivated to apply the user of digital twins with respect to clock information. Okuda et al teaches of generating a digital twin that is time-synchronized with real space in virtual space using a communication delay time between the vehicle and the vehicle control device based on the communication latency, col. 2, lines 27-32 wherein it is desirable to reduce the effects of communication delay occurring between the vehicle and the cloud when the control device controls the vehicle, col. 1, lines 36-38. Digital twins are disclosed in the ‘326 patent as being used to create models of access events and end user service journeys (i.e, communication paths with respect to Okuda et al), col. 6, lines 21-24, it is obvious that the teaching of Okuda could be applied with the teachings of the claims of the ‘326 patent in order to improve communication delays by using digital twins.
Claim 10 of the instant application corresponds to claims 1 and 2 of the ‘326 patent;
Claim 20 of the instant application corresponds to claims 11 and 12 of the ‘326 patent; and
Claim 20 of the instant application corresponds to claims 18 and 19 of the ‘326 patent.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-10 and 31-33 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because the claimed database may be a collection of data (i.e., pure software), an agent (purely software), a token management system (purely software). The Examiner suggests amending the claims to include a system comprising hardware elements in order to overcome the current grounds of the rejection.
Allowable Subject Matter
Claims 6, 7, 16, 17, 26, and 27 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The closest prior art teachings of Madisetti, US 2019/0311357 discloses of tether tokens, wherein a first blockchain network XX uses an in-network token xx and a tether token, where the in-network token xx can be exchanged for the tether token. A second blockchain network YY uses an in-network token yy and a tether token, where the in-network token yy can be exchanged for the tether token. The tether tokens and used in the two networks and are the same. The common tether token may be tethered to a stable fiat currency like USD which is external to blockchain networks XX and YY, see paragraph 0115.
The tether tokens of Madisetti are used for a different purpose versus the Applicant’s claims, wherein it was not found to be taught by the prior art alone, or in combination of one or more access specifications are stored in a dataset referenced by a pointer stored within a tether token, and wherein the pointer is accessed by the token management system when retrieving the one or more access specifications as is recited in dependent claims 6, 16, and 26, when applied in combination with the preceding language of the claims upon which they depend.
Claims 1-5, 8-15, 18-25, and 28-33 would allowed upon the submission of a terminal disclaimer to overcome the obvious-type double patenting rejection. Claims 1-10 and 31-33 would be allowable upon amending the claims to overcome the rejection under 35 U.S.C. 101 as being directed towards non-statutory subject matter.
The following is a statement of reasons for the indication of allowable subject matter:
The closest prior art teachings of Apsingekar et al, U.S. Patent 11,250,157 are relied upon for disclosing of a token handler creates a repository that stores PII information for the user, (col. 9, lines 47-51 and col. 10, lines 10-13); and
the repository may also be maintained and accessed over a network, and can be retrieved from the cloud, col. 10, lines 21-25; the token handler is responsible for generating anonymized data for PII that can be maintained by third parties and used by third parties in the future to redeem the PII, (col. 11, lines 21-62 & 36-43); and user installs application (i.e., token management system) on device, (col. 8, lines 53-60),
user initially registers with token handler to create account, (col. 9, lines 5-7, 13-15, & 43-51), wherein the application (i.e., token management system) is configured to: token handler is responsible for managing access to the PII, (col. 10, lines col. 11, lines 36-40);
token handler then generates tokens that represent the stored PII information, and include certain characteristics associated with the stored information, (col. 12, lines 7-10), token governs when access may be granted to and/or the manner when access is provided to the information, (col. 12, lines 10-20);
data originator or third party may be any agent that provides goods or services to a user, (col. 14, lines 58-66); and
user receives notification when there is a request from an originator, or third party, to redeem their PII, the user then grants consent to reveal or allow user of any portions of the PII to the originator, col. 22, lines 11-26),
user specifies how long the token is valid and/or how many times it can be redeemed (i.e., temporary access), or how many times it can be redeemed during a prescribed interval of time, (col. 12, lines 9-20 and col. 22, lines 21-26), and
how long the token is valid and/or how many times it can be redeemed, or how many times it can be redeemed during a prescribed interval of time, wherein the user can prevent access by deleting (i.e., remove) the token from the system, which prevents access to the PII, (col. 12, lines 9-33); it is noted that the data originator does not store PII permanently, but goes through the token handler for managing access to the user’s PII, col. 15, lines 54-61.
Apsingekar et al fails to teach of determine, using a machine learning model, upon receiving a request for the PII from the agent, that the agent is authorized to access the PII, grant the agent temporary access to the PII by providing the PII in a tokenized form to a device associated with the agent contingent on one or more access specifications being met, and upon determining that one or more of the access specifications is not met, remove the PII from the device associated with the agent.
Kacker et al, US 2024/0265130 is relied upon for disclosing of receiving a data access event, wherein the data access event relates to a data element and determining whether the data element is a personally identifiable information (PII) data element. The method also includes, responsive to a determination that the data element is a PII data element, by the computing device, predicting, using a machine learning (ML) model, a PII protection policy appropriate for the PII data element, and applying the PII protection policy to the PII data element. The method further includes, by the computing device, returning the data access event including the PII data element with the PII protection policy applied, see paragraph 0004.
Kacker et al similarly fails to disclose of determining, using a machine learning model, upon receiving a request for the PII from the agent, that the agent is authorized to access the PII, grant the agent temporary access to the PII by providing the PII in a tokenized form to a device associated with the agent contingent on one or more access specifications being met, and upon determining that one or more of the access specifications is not met, remove the PII from the device associated with the agent.
As per claim 1, it was not found to be taught in the prior art alone, or in combination of determining, using a machine learning model, upon receiving a request for the PII from the agent, that the agent is authorized to access the PII, grant the agent temporary access to the PII by providing the PII in a tokenized form to a device associated with the agent contingent on one or more access specifications being met, and upon determining that one or more of the access specifications is not met, remove the PII from the device associated with the agent pending the submission of a terminal disclaimer to overcome the obvious-type double patenting rejections and when amended to overcome the rejection under 35 U.S.C. 101 as being directed towards purely software, absent of hardware.
As per claim 11, it was not found to be taught in the prior art alone, or in combination of determining, by a machine learning model and upon receiving a request for the PII from an agent in communication with the end user, that the agent is authorized to access the PII; granting the agent temporary access to the PII by providing the PII in a tokenized form to a device associated with the agent contingent on one or more access specifications being met; and upon determining that one or more of the access specifications is not met, removing the PII from the device associated with the agent pending the submission of a terminal disclaimer to overcome the obvious-type double patenting rejections.
As per claim 21, it was not found to be taught in the prior art alone, or in combination of determining, by a machine learning model and upon receiving a request for the PII from an agent in communication with the end user, that the agent is authorized to access the PII; grant the agent temporary access to the PII by providing the PII in a tokenized form to a device associated with the agent contingent on one or more access specifications being met; and responsive to a determination that one or more of the access specifications is not met, remove the PII from the device associated with the agent pending the submission of a terminal disclaimer to overcome the obvious-type double patenting rejections.
Conclusion
The relevant art made of record and not relied upon is considered pertinent to applicant's disclosure.
Whitcomb et al, US 2016/0342811 is relied upon for disclosing of securely storing and accessing sensitive user data (e.g., personally identifying information or PII) is described. In an aspect, PII is divided into a plurality of separately stored data stores based on what type or field of PII are collected. Each piece of PII data or PII datum is associated with a unique code so as to form data pairs comprising the PII datum and the unique code associated with that PII datum. A tumbler data structure allows secure association of the unique codes for the PII data for each user. Once the tumbler data structure is unlocked, a provider can search and access the PII data of its users, see abstract.
Madhavan et al, US 2024/0095394 is relied upon for disclosing of receiving, from a client system, client data that includes information corresponding to a set of users and/or set of user devices, identifying privacy protection protocols that apply to the client data, identifying a particular subset of the client data as being personally identifiable information (PII) data, wherein the particular subset includes a set of PII attributes, splitting the PII attributes into multiple predefined categories based on a format of a data field in the PII attributes, for each predefined category of the multiple predefined categories, selecting, based on the predefined category and the privacy protection protocols, a processing technique from a plurality of processing techniques, and processing PII data corresponding to the predefined category using the selected processing technique, combining the processed PII data corresponding to the multiple predefined categories with non-PII data to create processed client data, determining, based on previous input from the client system and/or based on the processed PII data, to add noise to at least part of the processed PII data, determining an amount of noise based on the privacy protection protocols, adding the amount of noise to the at least part of the processed PII data to produce protected training data, and training a machine-learning model using the protected training data, see paragraph 0006.
Zanouda et al, WO 2024/128949 A1 is relied upon for disclosing of detecting sensitive information in a first text document representative of a first topic is provided. The apparatus (300) is configured to generate a first updated text document by tagging a segment of text in the first text document using a list of one or more types of sensitive information for a second topic; train a language model on text representative of the first topic and on a list of one or more types of sensitive information for a third topic, wherein the language model is a transformer-based machine learning model; and generate a second updated text document by classifying as sensitive a segment of text in the first updated text document using the trained language model representative of relationships between the tagged segment, one or more types of sensitive information for the third topic, and the text representative of the first topic, see abstract.
Czerkies et al, US 2025/0371261 is relied upon for disclosing of enabling users to take advantage of the benefits provided by machine learning models while also preventing the machine learning models from accessing sensitive data. A sensitive data protection service may enable users to interact in a secure way with machine learning models. A user may submit a request for a machine learning model to perform a task. If the request comprises sensitive data, the sensitive data protection service may transform the request into a generic (e.g., general, non-proprietary, not sensitive) request by removing at least a portion of the sensitive data from the request and/or by replacing the at least a portion of the sensitive data with generic data. The sensitive data protection service may add garbage (e.g., dummy, obfuscation) information to the modified request to further obfuscate the sensitive data, see paragraph 0013.
Nelson et al, US 2025/0307460 is relied upon for disclosing of plurality of discrete segments to determine the at least one segment that contains sensitive information according to the sensitivity criterion. In other words, for each segment (or token/embedding representing the segment), it is checked whether the segment contains sensitive information according to the sensitivity criterion. This may be achieved by comparing embeddings representing the respective segments (or tokens) to embeddings representing sensitive tokens, and using their distance in embedding space to determine whether the segment is considered sensitive according to the sensitivity criterion. For example, the respective embeddings may be generated using a local language model trained for embedding of tokens, see paragraph 0023.
Jothilingam, US 2023/0409736 is relied upon for disclosing of securing a portion of a communication includes receiving a request to mark a portion of a communication as sensitive, where the communication includes a sensitive portion and an unsensitive portion. Upon receiving the request, a data property of the sensitive portion is set to a sensitive content property. After setting the data property, the method includes, securing the sensitive portion by initiating security calls for handling the sensitive portion, and transmitting the communication to a recipient. After the communication is transmitted to the recipient, access to the unsensitive portion is provided to the recipient, while the sensitive portion is redacted until the recipient is authenticated for receiving access to the sensitive portion, see abstract.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2407