DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1. The following is a Final Office Action in response to applicant’s arguments filed on January 25, 2021.

Claims 1-20 are rejected
Claims 1-20 are pending

Response to Arguments

1.) Applicant’s amendment to claim filed on 1/25/2021 regarding “a plurality of input datasets” necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-7 have been considered but are moot in view of the new ground(s) of rejection.

2.) Applicant’s argument filed on 1/25/2021 regarding 35 U.S.C. 103 rejection of claim 8 has been fully considered and is persuasive. Therefore, claims 8-13 are allowed.

3.) Applicant’s argument filed on 1/25/2021 regarding 35 U.S.C. 103 rejection of claim 
	In the remarks, applicant argues:
Nerurkar does not teach the amendment “providing access to an exposable portion of …collaborative data…without exposing….the derived joint data” since exposure of the derived joint data is not permissible.

The examiner respectfully disagrees with the applicant. Nerurkar discloses in paragraphs 0031-0033 that access to data [e.g. data owners, fused joint data, or derived joint data] is restricted. Therefore, exposure of data to unauthorized parties is prevented and is managed by the privacy budget.

4.) Applicant’s argument filed on 1/25/2021 regarding 35 U.S.C. 103 rejection of claim 14 has been fully considered, but is not persuasive.
	In the remarks, applicant argues:
Request the rejection to be held in abeyance until the claims are in condition for allowance.
The examiner maintains Double Patenting rejection

5.) Applicant’s argument filed on 1/25/2021 regarding 35 U.S.C. 103 rejection of claim 8-13 has been fully considered, but is not persuasive.
	In the remarks, applicant argues:
	Nerurkar does not teach fusing, by a second operation of the data privacy 

 	The examiner agrees that the newly amended independent claim 8 overcomes the prior art of record but does not place the claims in condition for allowance due to the outstanding Double Patenting rejection. However, the claim would be allowed if a Terminal Disclaimer is filed. The prior art of record does not teach storing a representation of a data privacy pipeline that is defined by a tenant agreement such that the data privacy pipeline is configured to derive collaborative data provided by the tenants without being exposed; and using the data privacy pipeline to ingest data from tenants, fusing data from tenants, deriving joint data from tenants, and performing a sanitation operation.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed  determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 8 and 14 are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of copending Applications No. 16/388,703 and No. 16/388,700. Although the conflicting claims are not identical, they are not patentably distinct from each other (see comparison table below) because claims 1, 8, and 14 of the instant application are anticipated by the subject matter recited in claims 1, 8, and 14 of the co-pending applications No. 16/388,703 and No. 16/388,700.
This is a provisional double patenting rejection since the conflicting claims have not in fact been patented. 

Instant Application:

1. A data trustee environment comprising: one or more hardware processors and memory configured to provide computer program instructions to the one or more hardware processors; and a data privacy pipeline configured to use the one or more hardware processors to derive collaborative data from a plurality of input datasets, provided by a plurality of tenants, based on one or more constraints that are specified in a tenant agreement among the plurality of tenants and that define an exposable portion of the collaborative data that is allowed to be shared and a restricted portion of the collaborative data that is not allowed to be shared, wherein the data trustee environment is configured to provide the plurality of tenants access to the exposable portion of the collaborative data without exposing the restricted portion.

8. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising: ingesting, based on a tenant agreement among a plurality of tenants, data from a plurality of input datasets provided by the plurality of tenants, to generate a plurality of sets of ingested data; fusing the plurality of sets of ingested data, based on the tenant agreement, to generate fused joint data; performing at least one constrained computation on the fused joint data, based on the tenant agreement, to generate derived joint data; and performing at least one sanitation operation on the derived joint data, based on the tenant agreement, to generate collaborative data comprising an exposable portion derived from the input datasets that is allowed to be shared and a restricted portion derived from the input datasets that is not allowed to be shared.

14. A method for generating collaborative data, the method comprising: fusing a plurality of sets of data, based on at least one specified computation or constraint, to generate fused joint data; performing at least one constrained computation on the fused joint data, based on the at least one specified computation or constraint, to generate derived joint data; performing at least one sanitation operation on the derived joint data, based on the at least one specified computation or constraint, to generate the collaborative data comprising an exposable portion derived from the plurality of sets of data that is allowed to be shared and a restricted portion derived from the plurality of sets of data that is not allowed to be shared; and providing access to the exposable portion of the collaborative data based on the at least one specified computation or constraint.

Co-pending application 16/388,703:

1. A data trustee environment comprising: one or more hardware processors and memory configured to provide computer program instructions to the one or more hardware processors; a constrained querying component configured to use the one or more hardware processors to: receive, from a data consumer, a query on shielded collaborative data stored in the data trustee environment, wherein the shielded collaborative data is generated in the data trustee environment from a plurality of input datasets provided by the plurality of tenants, wherein the shielded collaborative data includes an exposable portion that is allowed to be shared and a restricted portion that is not allowed to be shared, wherein the data trustee environment is configured to provide the plurality of tenants access to the exposable portion of the shielded collaborative data without exposing the restricted portion; and generate, based on the query and one or 

8. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising: receiving, from a data consumer, a query to generate collaborative intelligence from shielded collaborative data, wherein the shielded collaborative data is generated from a plurality of input datasets provided by the plurality of tenants, wherein the shielded collaborative data includes an exposable portion that is allowed to be shared and a restricted portion that is not allowed to be shared; issuing a request for permission to execute at least one executable unit of logic corresponding to the query; receiving a response resolving the request based on one or more constraints specified in a tenant agreement among the plurality of tenants; and generating collaborative intelligence from the shielded collaborative data based on the query and the response resolving the request.

14. A method for constrained querying, the method comprising: receiving, from a data consumer, a query on shielded collaborative data stored in a data trustee environment, wherein the shielded collaborative data is generated from a plurality of input datasets provided by a plurality of tenants, wherein the shielded collaborative data includes an exposable portion derived from the plurality of input datasets and allowed to be shared and a restricted portion derived from the plurality of input datasets and not allowed to be shared; parsing the query into an execution tree; generating a constrained execution tree based on the execution tree and one or more constraints specified in a tenant agreement among the plurality of tenants; and generating collaborative intelligence from the shielded collaborative data based on the constrained execution tree.




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made

1.) Claims 1-4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190236598, Padmanabhan over IDS supplied reference US 2009282045, Hsieh
In regards to claim 1, Padmanabhan teaches a data trustee environment comprising: one or more hardware processors and memory configured to provide computer program instructions to the one or more hardware processors(see US 20190236598, Padmanabhan, para. 0044, processor and memory); and
a data privacy pipeline(see US 20190236598, Padmanabhan, para. 0493, where a system may be implemented using a VPN) configured to use the one or more hardware processors to derive collaborative data from a plurality of input datasets, provided by a plurality of tenants(see US 20190236598, Padmanabhan, para. 0046, where data information may be received[i.e. input]),
Padmanabhan does not teach based on one or more constraints that are specified in a tenant agreement among the plurality of tenants and that define an exposable portion of the collaborative data that is allowed to be shared and a restricted portion of the collaborative data that is not allowed to be shared, wherein the data trustee environment is configured to provide the plurality of tenants access to the exposable portion of the collaborative data without exposing the restricted portion or the plurality of input datasets
However, Hsieh teaches based on one or more constraints that are specified in a tenant agreement among the plurality of tenants and that define an exposable portion of the collaborative data that is allowed to be shared and a restricted portion of the collaborative data that is not allowed to be shared, wherein the data trustee environment is configured to provide the plurality of tenants access to the exposable portion of the collaborative data without exposing the restricted portion or the plurality of input datasets (see US 2009282045, Hsieh, para. 0059-0061 and fig. 3, where a trust hierarchy is established. Each security trust specifies a set of data access rights between tenant and a trustee, wherein complete trust allows access to all tenant’s data, subsidiary trust allows a trustee[e.g. a parent organization] to access all of tenant’s data[e.g. subsidiary organization], and a partnership trust allows a trustee to access a portion of the tenant’s data, where a partnership trust may specify restrictions on the data access rights).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Padmanabhan with the teaching of Hsieh because a user would have been motivated to apply the tenant agreement, taught by Hsieh, to the VPN and multi-tenant data, taught by Padmanabhan in order to improve data security for the datasets used in the collaborative network(see Hsieh, para. 0001)
In regards to claim 2, the combination of Padmanabhan and Hsieh teach the data trustee environment of claim 1, wherein the data privacy pipeline is a cloud service in the data trustee environment(see US 2009282045, Hsieh, para. 0055-0056, where the queries on multi-tenant database may be distributed across a network[e.g. cloud service]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Padmanabhan with the teaching of Hsieh because a user would have been motivated to apply the tenant agreement, taught by Hsieh, to the VPN and multi-tenant data, taught by Padmanabhan in order to improve data security for the datasets used in the collaborative network(see Hsieh, para. 0001)
In regards to claim 3, Padmanabhan and Hsieh teach the data trustee environment of claim 1, wherein the data privacy pipeline is configured to ingest data from the plurality of input datasets based on determination that the data is joint data designated by the tenant agreement for processing by the data privacy pipeline without (see US 2009282045, Hsieh, fig. 7, where a plurality of tenant data may be read[i.e. ingested] and shared based on the level of trust[e.g. complete trust, subsidiary trust, partnership trust]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Padmanabhan with the teaching of Hsieh because a user would have been motivated to apply the tenant agreement, taught by Hsieh, to the VPN and multi-tenant data, taught by Padmanabhan in order to improve data security for the datasets used in the collaborative network(see Hsieh, para. 0001)
In regards to claim 4, Padmanabhan and Hsieh teach the data trustee environment of claim 1, wherein the data privacy pipeline is configured to fuse a plurality of sets of ingested data, ingested from the plurality of input datasets, by combining the plurality of sets of ingested data based on at least one fusion operation specified in the tenant agreement(see US 2009282045, Hsieh, fig. 7, where a plurality of tenant data may be merged[i.e. fused] and shared based on the level of trust[e.g. complete trust, subsidiary trust, partnership trust]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Padmanabhan with the teaching of Hsieh because a user would have been motivated to apply the tenant agreement, taught by Hsieh, to the VPN and multi-tenant data, taught by Padmanabhan in order to improve data security for the datasets used in the collaborative network(see Hsieh, para. 0001)(see US 2009282045, Hsieh, para. 0061, where restriction may specify what portions of the tenant’s data may be accessible).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Padmanabhan with the teaching of Hsieh because a user would have been motivated to apply the tenant agreement, taught by Hsieh, to the VPN and multi-tenant data, taught by Padmanabhan in order to improve data security for the datasets used in the collaborative network(see Hsieh, para. 0001)

2.) Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over US 20190236598, Padmanabhan over IDS supplied reference US 2009282045, Hsieh and further in view of US 20180349384, Nerurkar
In regards to claim 5, the combination of Padmanabhan and Hsieh teach the data trustee environment of claim 1. The combination of Padmanabhan and Hsieh do not teach wherein the data privacy pipeline is configured to perform at least one constrained computation specified in the tenant agreement, wherein the at least one constrained computation comprises a baseline computation and a condition precedent to performing the baseline computation (see US 20180349384, Nerurkar, para. 0033 and 0037, where a privacy budget is used to determine how much restricted data may be released, wherein the privacy budget may not exceed a specified budget[i.e. baseline]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Padmanabhan and Hsieh with the teaching of Nerurkar by enhancing determination of access rights to a multi-tenant database by employing differential privacy techniques in order to protect restricted data information(see Nerurkar, para. 0006)
3.) Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US 20190236598, Padmanabhan over IDS supplied reference US 2009282045, Hsieh and further in view of US 20060080554, McDonald
In regards to claim 6, the combination of Padmanabhan and Hsieh teach the data trustee environment of claim 1. The combination of Padmanabhan and Hsieh do not teach wherein the data privacy pipeline is configured to perform at least one sanitation operation specified in the tenant agreement to omit at least some data from the collaborative data
However, McDonald teaches wherein the data privacy pipeline is configured to  (see US 20060080554, McDonald, para. 0022 and 0027, where data may be classified as being sensitive or insensitive, wherein the sensitive data is sanitized and restricted from being accessed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Padmanabhan and Hsieh with the teaching of McDonald because a user would have been motivated to enhance protection of database items, taught by Hsieh, by using sanitizing methods in order to prevent unauthorized parties from accessing restricted data information(see McDonald, para. 0002)
4.) Claims 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied references US 2009282045, Hsieh in view of US 20180349384, Nerurkar and further in view of US 20060080554, McDonald
In regards to claim 14, Hsieh teaches a method for generating collaborative data, the method comprising:
fusing data from different data owners, based on at least one specified computation or constraint, to generate fused joint data(see US 2009282045, Hsieh, para. 0070, where multiple tenants are merged and implicitly have agreement to have access to all each other’s data);
Hsieh does not teach performing at least one constrained computation on the ;
However, Nerurkar teaches performing at least one constrained computation on the fused joint data, based on the at least one specified computation or constraint, to generate derived joint data(see US 20180349384, Nerurkar, para. 0033 and 0037, where a privacy budget is used to determine how much restricted data may be released);
providing access to the exposable portion of the collaborative data based on the at least one specified computation or constraint, without exposing the data from the different data owners, the fused joint data, or the derived joint data(see US 20180349384, Nerurkar, fig. 10, step 1018, where a client is provided access to the results based on the privacy budget);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hsieh with the teaching of Nerurkar by enhancing determination of access rights to a multi-tenant database by employing differential privacy techniques in order to protect restricted data information(see Nerurkar, para. 0006); and
the combination of Hsieh and Nerurkar do not teach performing at least one sanitation operation on the derived joint data, based on the at least one specified computation or constraint, to generate the collaborative data comprising an exposable (see US 20060080554, McDonald, para. 0022 and 0027, where data may be classified as being sensitive or insensitive, wherein the sensitive data is sanitized and restricted from being accessed);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hsieh and Nerurkar with the teaching of McDonald because a user would have been motivated to enhance protection of database items, taught by Hsieh, by using sanitizing methods in order to prevent unauthorized parties from accessing restricted data information(see McDonald, para. 0002).
 	In regards to claim 15, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, wherein the method is part of a cloud service configured to spin up and spin down on demand(see US 2009282045, Hsieh, para. 0055-0056, where the queries on multi-tenant database may be distributed across a network[e.g. cloud service]).
In regards to claim 16, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, further comprising deleting the fused joint data and the derived joint data upon generating the collaborative data(see US 20060080554, McDonald, para. 0165, where a subset of the data is identified and the remaining data is deleted).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hsieh and Nerurkar with the teaching of McDonald because a user would have been motivated to enhance protection of database items, taught by Hsieh, by using sanitizing methods in order to prevent unauthorized parties from accessing restricted data information(see McDonald, para. 0002)
In regards to claim 17, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, wherein fusing the data from the different data owners comprises performing one or more of a join operation, a custom join, or a data append to combine data from the plurality of sets of data(see US 2009282045, Hsieh, para. 0044, where a complete trust security type enables a tenant and trustee to combine and read [i.e. ingest] their respective data information).
In regards to claim 18, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, wherein the at least one constrained computation comprises an aggregation operation(see US 20180349384, Nerurkar, para. 0033, where a calculation may cumulatively[i.e. aggregated] be performed across multiple queries from a client, wherein the privacy budget may be calculated across queries based on satisfying a specific time period, a particular source, and/or not exceeding a specific value).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hsieh (see Nerurkar, para. 0006)
In regards to claim 19, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, wherein the at least one sanitation operation comprises at least one precision adjustment(see US 20060080554, McDonald, fig. 9 and para. 0165, where data sanitizer performs data slicing[i.e. precision adjusting] that entails identifying a subset of data and deleting all others).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hsieh and Nerurkar with the teaching of McDonald because a user would have been motivated to enhance protection of database items, taught by Hsieh, by using sanitizing methods in order to prevent unauthorized parties from accessing restricted data information(see McDonald, para. 0002)
 	In regards to claim 20, the combination of Hsieh, Nerurkar, and McDonald teach the method of claim 14, wherein providing access to the exposable portion of the collaborative data comprises at least one of exporting the exposable portion of the collaborative data or storing the collaborative data in a data trustee environment and denying access by any of the data owners to the restricted portion of the collaborative data based on an agreement among the data owners(see US 2009282045, Hsieh, para. 0038-0039, where the data access rights for a security trust are stored, wherein tenants and trustees of a particular security trust are permitted access while restricting access by others).
CONCLUSION

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for 

/GREGORY A LANE/ Examiner, Art Unit 2438



/David J Pearson/Primary Examiner, Art Unit 2438