Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/17/2021 has been entered.


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such amendment, it MUST be submit no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone conversation with Applicant’s representative, and followed by Email confirmation dated 12/08/2020.

Please replace the current listing of claims with the following:

(Currently Amended) A processor implemented method (200) comprising:
receiving, by a data connector, data from one or more data sources for making the data consumable by one or more data buyers (202);
analyzing, by an inflow data analyzer, the received data to extract and process metadata of the received data (204);
identifying, by the inflow data analyzer, a search space comprising at least one sensitive attribute from the processed metadata based on a pre-defined knowledge base associated with the data (206);
generating, by an adversary model generator, an adversary model by partitioning the search space into sets of buckets, each set corresponding to the at least one sensitive attribute having a privacy data associated thereof (208), wherein generating the adversary model comprises generating the sets of buckets based on one of  (a) pre-defined ranges of values or (b) pre-defined upper and lower bounds, for each of the at least one sensitive attribute based on the pre-defined knowledge base;
computing, by the adversary model generator, bucket count for each of the sets of buckets and creating bucket combinations of the buckets from the sets of buckets (210);
replacing, by the adversary model generator, the privacy data associated with each of the at least one sensitive attribute with a masking bucket from the buckets (212);
computing, by the adversary model generator, an entity count for each of the bucket combinations based on the masking bucket assigned to the privacy data (214);
 computing, by the adversary model generator, an anonymity index based on the computed entity count and a pre-defined privacy threshold (216); [[and]]
;
continually learning and updating the adversary model based on the received data (224);
providing recommendations, by a decision helper module, to data sellers based on the received data (226);
evaluating, by an outflow data analyzer, the output data to match requirements of the one or more data buyers (228); 
determining, by a data release management module, a release plan based on the recommendations by the decision helper module (230);
generating, by a report and alert management module, evaluation reports and alerts based on the output data (232); and
logging, by an event logging module, events associated with the output data (234).

(Original) The processor implemented method of claim 1, wherein the at least one sensitive attribute comprises one or more of binary, categorical, numerical and descriptive texts.

(Cancelled).

(Currently Amended) The processor implemented method of claim [[3]] 1, wherein the range of values and the upper and lower bounds are computed by the inflow data analyzer based on the at least one sensitive attribute.

(Original) The processor implemented method of claim 1, wherein sanitizing the privacy data comprises one of (i) hierarchy masking techniques, (ii) bucket masking techniques, (iii) clustering technique or (iv) shuffling technique.

(Original) The processor implemented method of claim 5, wherein the shuffling technique is performed to obtain balanced buckets, wherein each bucket combination has a balanced entity count.

(Original) The processor implemented method of claim 6 further comprising computing, by a data privacy-utility tradeoff calculator, a utility index based on mid-point of the balanced bucket and the privacy data (220). 

(Original) The processor implemented method of claim 7 further comprising computing, by the data privacy-utility tradeoff calculator, attribute variations based on the number of variations between the buckets and the balanced buckets (222).

(Cancelled). 

(Cancelled).  

(Previously Presented) A system (100) comprising:
one or more processors (102); and
one or more internal data storage devices (106) operatively coupled to the one or more processors (102) for storing instructions configured for execution by the one or more processors (102), the instructions being comprised in:
a data connector (108A) configured to:
receive data from one or more data sources for making the data consumable by one or more data buyers;
an inflow data analyzer (108B) configured to:
analyze the received data to extract and process metadata of the received data; and
identify a search space comprising at least one sensitive attribute from the processed metadata based on a pre-defined knowledge base associated with the data;
an adversary model generator (108C) configured to:
generate an adversary model by partitioning the search space into sets of buckets, each set corresponding to the at least one sensitive attribute having a privacy data associated thereof, wherein generating the adversary model comprises generating the sets of buckets of based on one of  (a) pre-defined ranges of values or (b) pre-defined upper and lower bounds, for each of the at least one sensitive attribute based on the pre-defined knowledge base;
compute bucket count for each of the sets of buckets and creating bucket combinations of the buckets from the sets of buckets;
replace the privacy data associated with each of the at least one sensitive attribute with a masking bucket from the buckets;
compute an entity count for each of the bucket combinations based on the 
compute an anonymity index based on the computed entity count and a pre-defined privacy threshold; and
continually learn and update the adversary model based on the received data;
a data masking module (108D) configured to:
sanitize the privacy data based on the computed anonymity index to generate output data;
a decision helper module (108F) configured to:
provide recommendations to data sellers based on the received data;
an outflow data analyzer (108G) configured to:
evaluate the output data to match requirements of the one or more data buyers;
a data release management module (108H) configured to:
determine a release plan based on the recommendations by the decision helper module (108F);
a report and alert management module (108I) configured to:
generate evaluation reports and alerts based on the output data; and
an event logging module (108J) configured to:
log events associated with the output data.

(Original) The system of claim 11, wherein the at least one sensitive attribute comprises one or more of binary, categorical, numerical and descriptive texts.

(Cancelled).

(Currently Amended) The system of claim [[13]] 11, wherein the range of values and the upper and lower bounds are computed by the inflow data analyzer (108B) based on the at least one sensitive attribute.

(Original) The system of claim 11, wherein the data masking module (108D) is further configured to sanitize the privacy data by one of (i) hierarchy masking techniques, (ii) bucket masking techniques, (iii) clustering technique or (iv) shuffling technique.

(Original) The system of claim 15, wherein the shuffling technique is performed to obtain balanced buckets, wherein each bucket combination has a balanced entity count.

(Original) The system of claim 16 further comprising:
a data privacy-utility tradeoff calculator (108E) configured to:
compute a utility index based on mid-point of the balanced buckets and the privacy data; and
compute attribute variations based on the number of variations between the buckets and the balanced buckets.

(Currently Amended) A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:

analyze the received data to extract and process metadata of the received data;
identify a search space comprising at least one sensitive attribute from the processed metadata based on a pre-defined knowledge base associated with the data;
generate an adversary model by partitioning the search space into sets of buckets, each set corresponding to the at least one sensitive attribute having a privacy data associated thereof, wherein generating the adversary model comprises generating the sets of buckets of based on one of  (a) pre-defined ranges of values or (b) pre-defined upper and lower bounds, for each of the at least one sensitive attribute based on the pre-defined knowledge base;
compute a bucket count for each of the sets of buckets and creating bucket combinations of the buckets from the sets of buckets;
replace the privacy data associated with each of the at least one sensitive attribute with a masking bucket from the buckets;
compute an entity count for each of the bucket combinations based on the masking bucket assigned to the privacy data;
 compute an anonymity index based on the computed entity count and a pre-defined privacy threshold; and
sanitize the privacy data based on the computed anonymity index to generate output data and obtain balanced buckets, wherein each bucket combination has a balanced entity count;
continually learn and update the adversary model based on the received data;
provide recommendations to data sellers based on the received data;
evaluate the output data to match requirements of the one or more data buyers;
determine a release plan based on the provided recommendations;
generate evaluation reports and alerts based on the output data; and
log events associated with the output data.

(Currently Amended) The computer program product of claim 18, wherein the computer readable program further causes the computing device to perform one or more of:
compute a utility index based on mid-point of the balanced buckets and the privacy data; and
compute attribute variations based on the number of variations between the buckets and the balanced buckets[[;]]









Allowable Subject Matter
Claims 1-2, 4-8, 11-12 and 14-19 are allowed.
The following is an examiner's statement of reasons for allowance: This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant’s arguments filed on 09/16/2020 and Examiner’s amendments make the record clear 
Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed to post-allowance papers correspondence branch at (703) 308-5864 to expedite issuing process or call PUB's Customer Service if any questions at (703) 305-8497.


Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 8024339 B2		Apparatus and method for generating reports with masked confidential data
US 9609025 B1		Protection of sensitive data from unauthorized access
US 20150220625 A1		METHODS AND APPARATUS FOR CONVEYING SURVEILLANCE TARGETS USING BLOOM FILTERS
US 20150161397 A1		MANAGING SENSITIVE PRODUCTION DATA

US 10339341 B2		Methods and systems for obfuscating sensitive information in computer systems
US 20160092699 A1		PRIVACY-PRESERVING COOKIES FOR PERSONALIZATION WITHOUT USER TRACKING

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JASON CHIANG/Primary Examiner, Art Unit 2431