DETAILED ACTION
This Office Action is in response to the Amendment filed on 02/12/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 02/12/2021, no claim have been amended. 
Claims 1-21 have been examined and are pending; claims 1, 9 and 17 are independent.  This Action is made FINAL.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/02/2020, 11/19/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments/Remarks
Applicants’ arguments in the instant Amendment, filed on 02/12/2021, with respect to the prior-art rejections to claims 1, 2, 6, 8-10, 14, 16-18, and 21 are rejected under 35 U.S.C. 103, and limitations listed below, have been fully considered but they are not persuasive.
Applicant’s Remarks: As to the independent claims 1, 9, and 17, Applicant submits that the applied prior art Curcio or Herz does not teach the amended limitation. Specifically, does not teach the limitations “determining a privacy budget refund in terms of ɛ after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log”  “privacy parameters, comprising a parameter ɛ describing a degree of information released about the restricted data stored in the database due to the query.” (Applicant Arguments/Remarks, 01/22/2020, pages 12-16). Applicant addresses that, “Examiner appears to have misunderstood or overlooked the argument provided in the response submitted on January 22, 2020.” “As a result of this misunderstanding or oversight, the instant Office action fails to address the substance of Applicant’s remarks regarding the distinctions between the pending claims and the cited references.” And applicant submits evidence that  Office action cites Herz paragraphs 95 and 156 as disclosing “determining a privacy budget refund in terms of ɛ after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log.” OA, p. 6.” (Applicant Arguments/Remarks, 01/22/2020, page 13). Applicant, presented an analysis on Herz’s invention, and described how Herz involves techniques for monetary pricing of a data query responsive to the prices set by various owners of the data for access to the data. Herz calculates an estimated monetary price based on which data in a database is to be accessed, and subtracts the actual expense from a financial budget. If the estimated price differs from the actual spend, Herz accordingly adjusts the money subtracted from the querying agent’s budget. Herz does not involve a privacy budget in terms of privacy parameters such as ɛ, and certainly does not involve determining a privacy budget refund. Herz does not determine a privacy budget refund, but rather a monetary spend. Herz does not factor for other queries in any sense, but rather determines its pricing based on which data is accessed, (Applicant Arguments/Remarks, 01/22/2020, pages 14-15).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that applied reference teaches the addressed limitations. Examiner, respectfully, points out that not just page 6, nowhere in the office action, mailed out on 09/14/2020, the Examiner has mapped that reference Herz to apply that Herz teaches the first part of the limitation, “determining a privacy budget refund in terms of ɛ.” Therefore, misunderstanding or oversight is not originated from Examiner side. 
 Curcio teaches the limitation determining a privacy budget refund in terms of ɛ after performing the query. Curcio discloses updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, determining, if predefined threshold is reached the privacy budget for a query for the dataset, and applying an aggregation technique to produce a less costly aggregated query result. Privacy parameters are calculated associated with the datasets, and applies privacy directives associated with the user and the risk associated with the dataset is accessed (Curcio: pars 0028-0030, 0032, 0039, 0045, 0047, 0079, 0083-0085). While, Herz teaches query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log. Herz discloses when payment is received the query is executed [i.e. execution of a query], and then, appropriate payment is credited [i.e. refund after the query]) balance (Herz: pars 0095, 0156). Therefore, it would have been obvious to one of ordinary skill in the art to combine the teachings of Herz with the method/system of Curcio for the benefit of Herz: pars 0095, 0156). Therefore, broadly interpreted applied prior art teaches the claim limitations.
Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6, 8-10, 14, 16-18, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Curcio et al (“Curcio,” US 2017/0169253, published on 06/15/2017), in view of Herz et al (“Herrz,” US 2009/0254971, published on 10/08/2009).
As to claim 1, Curcio teaches a method for refunding privacy spend to a client based on a query by the client to a database storing restricted data (Curcio: pars 0011-0012, 0014, a system/method for query management for applying budget uses to manage the level of privacy risk of sensitive data queried from database), the method comprising:
receiving a database query from the client, the database query including a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query (Curcio: pars 0011-0012, 0018, 0029-0030, 0082; Fig 4, receives a query request from a user, through a query interface, to access data from a number of datasets stored in database. Receives privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed), comprising a parameter ɛ describing a degree of information released about the restricted data stored in the database due to the query (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed [i.e. degree of information of the data to be released] to safeguard sensitive information [i.e. restricted data] stored in the database);
determining a worst-case privacy spend for the query based on the privacy parameters and the relation (Curcio: pars 0028, 0039-0040, 0082-0083; Fig 4, a differential privacy analysis is performed to create estimate, including a privacy cost function, for a query plane to perform queries on the datasets, based on received privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed and optimizing the query by minimizing the impact of the query on privacy budgets);
performing the query upon the set of data specified by the relation (Curcio: pars 0028-0029, 0083-0084; Fig 4, executing the query based on the created query plan, based on the privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset); 
decrementing the determined worst-case privacy spend from a privacy budget associated with the client (Curcio: pars 0039, 0045, 0083-0085, calculating an epsilon value based on the privacy budget to generate noise nose level, reducing the epsilon value depending on sensitivity of the data elements and the number of elements accessed), wherein the privacy budget is at least in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed);
recording the worst-case privacy spend and the [ ] query at a log (Curcio: pars 0039, 0045, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user); 
determining a privacy budget refund (Curcio: pars 0039, 0045, 0047, 0079, 0083-0085 updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, determining, if predefined threshold is reached the privacy budget for a query for the dataset, and applying an aggregation technique to produce a less costly aggregated query result), in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed); and 
applying the determined privacy budget refund to the privacy budget associated with the client (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, calculating remaining privacy budget, and calculating if predefined threshold is reached the privacy budget for a query for the dataset. Determining if remaining balance with a reduced epsilon value would produce a query with additional noise would produce worthless result or not, and applying an aggregation technique, to produce a less costly aggregated query result to cost less from the remaining budget [i.e. budget refunding]).
Curcio does not explicitly teach [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the 
However, in an analogous art, Herz teaches [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log (Herz: pars 0095, 0156; when payment is received the query is executed [i.e. execution of a query], and then, appropriate payment is credited [i.e. refund after the query]) balance).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Herz with the method/system of Curcio for the benefit of providing a user with a means for a mechanism where after a query is performed crediting appropriate payment is to make the budget balance as necessary (Herz: pars 0095, 0156). 
As to claim 2, the combination of Curcio and Herz teaches the method of claim 1, 
Curcio and Herz further teaches wherein determining the privacy budget refund based on the performed query and the one or more additional queries recorded in the log comprises: analyzing relationships among the performed query and the one or more additional queries recorded in the log; and determining the privacy budget refund based on the analysis and the worst-case privacy spend of the performed query and of the privacy spends of the one or more additional queries (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the refunded balance]).
As to claim 6, the combination of Curcio and Herz teaches the method of claim 1, 
Curcio further teaches comprising: determining whether the worst-case privacy spend exceeds the privacy budget; wherein the query is performed responsive to the worst-case privacy spend not exceeding the privacy budget (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, determining if remaining balance with a reduced epsilon value would produce a query with additional noise would produce worthless result or not, and applying an aggregation technique, to produce a less costly aggregated query result to cost less from the remaining budget).
As to claim 8, the combination of Curcio and Herz teaches the method of claim 1, 
Curcio and Herz further teaches comprising: comparing the relation in the performed query to relations in the one or more additional queries in the log; and based on the comparison, determining whether the relation in the performed query is a new relation in the log; wherein determining the privacy budget refund and applying the privacy budget refund are responsive to the relation being a new relation in the log (Curcio: pars 0032, 0039, 0045-0047, 0079, 0083-0085 updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an multiple query and aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the refunded balance]).
As to claim 9, Curcio teaches a non-transitory computer-readable storage medium storing computer program instructions executable by a processor to perform operations for refunding privacy spend to a client based on a query by the client to a database storing restricted data (Curcio: pars 0011-0012, 0014, a system/method for query management for applying budget uses to manage the level of privacy risk of sensitive data queried from database), the operations comprising:
receiving a database query from the client, the database query including a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query (Curcio: pars 0011-0012, 0018, 0029-0030, 0082; Fig 4, receives a query request from a user, through a query interface, to access data from a number of datasets stored in database. Receives privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed), comprising a parameter ɛ describing a degree of information released about the restricted data stored in the database due to the query (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed [i.e. degree of information of the data to be released] to safeguard sensitive information [i.e. restricted data] stored in the database); 
determining a worst-case privacy spend for the query based on the privacy parameters and the relation (Curcio: pars 0028, 0039-0040, 0082-0083; Fig 4, a differential privacy analysis is performed to create estimate, including a privacy cost function, for a query plane to perform queries on the datasets, based on received privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed and optimizing the query by minimizing the impact of the query on privacy budgets);
performing the query upon the set of data specified by the relation (Curcio: pars 0028-0029, 0083-0084; Fig 4, executing the query based on the created query plan, based on the privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset); 
decrementing the determined worst-case privacy spend from a privacy budget associated with the client (Curcio: pars 0039, 0045, 0083-0085, calculating an epsilon value based on the privacy budget to generate noise nose level, reducing the epsilon value depending on sensitivity of the data elements and the number of elements accessed), wherein the privacy budget is at least in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed);
recording the worst-case privacy spend and the [ ] query at a log (Curcio: pars 0039, 0045, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user);
determining a privacy budget refund Curcio: pars 0039, 0045, 0047, 0079, 0083-0085 updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, determining, if predefined threshold is reached the privacy budget for a query for the dataset, and applying an aggregation technique to produce a less costly aggregated query result) , in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed); and 
applying the determined privacy budget refund to the privacy budget associated with the client (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, calculating remaining privacy budget, and calculating if predefined threshold is reached the privacy budget for a query for the dataset. Determining if remaining balance with a reduced epsilon value would produce a query with additional noise would produce worthless result or not, and applying an aggregation technique, to produce a less costly aggregated query result to cost less from the remaining budget [i.e. budget refunding]).
Curcio does not explicitly teach [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log;
However, in an analogous art, Herz teaches [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log (Herz: pars 0095, 0156; when payment is received the query is executed [i.e. execution of a query], and then, appropriate payment is credited [i.e. refund after the query]) balance).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Herz with the method/system of Curcio for the benefit of providing a user with a means for a mechanism  (Herz: pars 0095, 0156). 
As to claim 10, the combination of Curcio and Herz teaches the non-transitory computer-readable storage medium of claim 9, 
Curcio and Herz further teaches wherein determining the privacy budget refund based on the performed query and the one or more additional queries recorded in the log comprises: analyzing relationships among the performed query and the one or more additional queries recorded in the log; and determining the privacy budget refund based on the analysis and the worst-case privacy spend of the performed query and of the privacy spends of the one or more additional queries (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the refunded balance]).
As to claim 14, the combination of Curcio and Herz teaches the non-transitory computer-readable storage medium of claim 9, 
Curcio further teaches the operations further comprising: determining whether the worst-case privacy spend exceeds the privacy budget; wherein the query is performed responsive to the worst-case privacy spend not exceeding the privacy budget (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, determining if remaining balance with a reduced epsilon value would produce a query with additional noise would produce worthless result or not, and applying an aggregation technique, to produce a less costly aggregated query result to cost less from the remaining budget).
As to claim 16, the combination of Curcio and Herz teaches the non-transitory computer-readable storage medium of claim 9, 
Curcio and Herz further teaches comprising: comparing the relation in the performed query to relations in the one or more additional queries in the log; and based on the comparison, determining whether the relation in the performed query is a new relation in the log; wherein determining the privacy budget refund and applying the privacy budget refund are responsive to the relation being a new relation in the log (Curcio: pars 0032, 0039, 0045-0047, 0079, 0083-0085 updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an multiple query and aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the refunded balance]).
As to claim 17, Curcio teaches a system, comprising: a processor; and
a non-transitory computer-readable storage medium storing computer program instructions executable by the processor to perform operations for refunding privacy spend to a client based on a query by the client to a database storing restricted data (Curcio: pars 0011-0012, 0014, a system/method for query management for applying budget uses to manage the level of privacy risk of sensitive data queried from database), the operations comprising: 
receiving a database query from the client, the database query including a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query (Curcio: pars 0011-0012, 0018, 0029-0030, 0082; Fig 4, receives a query request from a user, through a query interface, to access data from a number of datasets stored in database. Receives privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed) , comprising a parameter ɛ describing a degree of information released about the restricted data stored in the database due to the query (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed [i.e. degree of information of the data to be released] to safeguard sensitive information [i.e. restricted data] stored in the database); 
determining a worst-case privacy spend for the query based on the privacy parameters and the relation (Curcio: pars 0028, 0039-0040, 0082-0083; Fig 4, a differential privacy analysis is performed to create estimate, including a privacy cost function, for a query plane to perform queries on the datasets, based on received privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset is accessed and optimizing the query by minimizing the impact of the query on privacy budgets);
performing the query upon the set of data specified by the relation (Curcio: pars 0028-0029, 0083-0084; Fig 4, executing the query based on the created query plan, based on the privacy parameters associated with the datasets, privacy directives associated with the user and the risk associated with the dataset); 
decrementing the determined worst-case privacy spend from a privacy budget associated with the client (Curcio: pars 0039, 0045, 0083-0085, calculating an epsilon value based on the privacy budget to generate noise nose level, reducing the epsilon value depending on sensitivity of the data elements and the number of elements accessed), wherein the privacy budget is at least in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed);
recording the worst-case privacy spend and the [ ] query at a log (Curcio: pars 0039, 0045, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user); 
determining a privacy budget refund (Curcio: pars 0039, 0045, 0047, 0079, 0083-0085 updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, determining, if predefined threshold is reached the privacy budget for a query for the dataset, and applying an aggregation technique to produce a less costly aggregated query result) , in terms of ɛ (Curcio: 0028-0030, privacy parameters are calculated associated with the datasets, and applies  privacy directives associated with the user and the risk associated with the dataset is accessed); and
applying the determined privacy budget refund to the privacy budget associated with the client (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, calculating remaining privacy budget, and calculating if predefined threshold is reached the privacy budget for a query for the dataset. Determining if remaining balance with a reduced epsilon value would produce a query with additional noise would produce worthless result or not, and applying an aggregation technique, to produce a less costly aggregated query result to cost less from the remaining budget [i.e. budget refunding]).
Curcio does not explicitly teach [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log;
However, in an analogous art, Herz teaches [recording] performed query log; [determining] based on after performing the query based on the worst-case privacy spend of the performed query and the privacy spends of one or more additional queries recorded in the log (Herz: pars 0095, 0156; when payment is received the query is executed [i.e. execution of a query], and then, appropriate payment is credited [i.e. refund after the query]) balance).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Herz with the method/system of Curcio for the benefit of providing a user with a means for a mechanism where after a query is performed crediting appropriate payment is to make the budget balance as necessary (Herz: pars 0095, 0156). 
As to claim 18, the combination of Curcio and Herz teaches the system of claim 17, 
Curcio and Herz further teaches wherein determining the privacy budget refund based on the performed query and the one or more additional queries recorded in the log (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the refunded balance]).
As to claim 21, the combination of Curcio and Herz teaches the method of claim 1, 
Curcio and Herz further teaches further comprising: performing a subsequent query subsequent to the performed query and prior to determining the privacy budget refund; and recording the subsequent query in the log prior to determining the privacy budget refund; wherein determining the privacy budget refund is based in part on the subsequent query (Curcio: pars 0032, 0039, 0045, 0047, 0079, 0083-0085, updating the epsilon value and privacy budget for subsequent queries by the user, calculating remaining privacy budget, and applying an aggregation technique to produce a less costly aggregated query result. Herz: pars 0026, 0095, 0156, the payment is received the query is executed based on the received payment, and after the query, the appropriate payment is credited to make budget balanced. Queries are scaled to meet a budget [i.e. new or next query is performed based on the recorded/balanced refunded])
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Curcio et al (“Curcio,” US 2017/0169253, published on 06/15/2017), in view of Herz et al (“Herrz,” US 2009/0254971, published on 10/08/2009), and further in view Tippett et al (“Tippett,” US 2005/0278786, published on 12/152005).
As to claim 7, the combination of Curcio and Herz teaches the method of claim 6, but Curcio or Herz does not explicitly teach wherein the privacy budget includes a soft budget and a hard budget, wherein determining whether the worst-case privacy spend exceeds the privacy budget comprises: determining whether the worst-case privacy spend exceeds the hard budget; and responsive to determining the worst-case privacy spend does not exceed the hard budget, determining whether the soft budget is already exceeded; wherein the query is performed responsive to determining that the soft budget is not already exceeded.
However, in an analogous art, Tippett teaches wherein the privacy budget includes a soft budget and a hard budget, wherein determining whether the worst-case privacy spend exceeds the privacy budget comprises: determining whether the worst-case privacy spend exceeds the hard budget; and responsive to determining the worst-case privacy spend does not exceed the hard budget, determining whether the soft budget is already exceeded; wherein the query is performed responsive to determining that the soft budget is not already exceeded (Tippett: pars 0042-0045; fig 1B, analyzing hard and soft costs of a security breaches in determining security risk factors).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tippett with the analyzing hard and soft costs of a security breaches in determining normalized and weighted security risk factors for ongoing operations (Tippett: pars 0042-0045). 
As to claim 15, the combination of Curcio and Herz teaches the non-transitory computer-readable storage medium of claim 14, but Curcio or Herz does not explicitly teach wherein the privacy budget includes a soft budget and a hard budget, wherein determining whether the worst-case privacy spend exceeds the privacy budget comprises: determining whether the worst-case privacy spend exceeds the hard budget; and responsive to determining the worst-case privacy spend does not exceed the hard budget, determining whether the soft budget is already exceeded; wherein the query is performed responsive to determining that the soft budget is not already exceeded.
However, in an analogous art, Tippett teaches wherein the privacy budget includes a soft budget and a hard budget, wherein determining whether the worst-case privacy spend exceeds the privacy budget comprises: determining whether the worst-case privacy spend exceeds the hard budget; and responsive to determining the worst-case privacy spend does not exceed the hard budget, determining whether the soft budget is already exceeded; wherein the query is performed responsive to determining that the soft budget is not already exceeded (Tippett: pars 0042-0045; fig 1B, analyzing hard and soft costs of a security breaches in determining security risk factors).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tippett with the method/system of Curcio and Herz for the benefit of providing a user with a means for analyzing hard and soft costs of a security breaches in determining normalized and weighted security risk factors for ongoing operations (Tippett: pars 0042-0045). 
Allowable Subject Matter
Claims 3-5, 11-13, 19 and 20 are considered allowable over prior art, but are objected because of the claim objections.
The reasons for allowable subject matter are addressed in detail in the Non-Final office action mailed out on 09/14/2020.
Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439