DETAILED ACTION
This office action is in response to the application filed on 8/12/2019.  Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 6/23/2020 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 
Examiner’s Note – Allowable Subject Matter 
Claims 6-7, 15, and 20 overcome the prior art and would otherwise be allowable if incorporated into the independent claims along with any intervening claims as well as made to overcome the non-statutory double patenting rejection below.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).  
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).  
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens.  An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to:  
http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claim(s) 1-20 is/are rejected on the grounds of nonstatutory double patenting as being unpatentable over claims 1-20 of US application 16/722,840.  Although the claims at issue are not identical in form, they are not patentably distinct from each other (see 
	Regarding claim 8, application 16/722,840 does not, but in related art, Fisse et al. (US 2020/0097679 A1) teaches ¶ 158 teaches CPNI in a cloud environment meant to protect costumer data.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of application 16/722,840 and Fisse, to modify the isolated network security system of application 16/722,840 to include protecting CPNI data as taught in Fisse.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 9, 11, 12-14, 16, and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ithal et al. (US 2021/0004479 A1), in view of Ortiz et al. (US 2019/0362083 A1). 
Regarding claims 1, and 18, Ithal teaches:
A method (Ithal, ¶ 98 discloses an implementation using a non-transitory computer readable medium), comprising: 	generating, by a execution environment instance of a network device (Ithal, Fig. 10, ¶ 100 depicts and describes network security system 155 which is isolated from the normal aspects of the computing device to perform security functions. Ithal, Fig. 1, ¶ 37 further describes the security system 155 including Customer Privacy Protection element 156.  Ithal, Fig. 3 depicts Customer Privacy Protection element 156 in greater detail), transactional data that includes private information (Ithal, Figs. 3, 7, ¶ 53-55 and ¶ 71 depict JSON style metadata for an upload activity of a user including sensitive information consisting of their username and IP address); 	removing, by the instance, the private information from the transactional data to generate extracted data (Ithal, ¶ 55 and ¶ 58, sensitive information is parsed out of the metadata file); 	encrypting, by the instance, the extracted data (Ithal, ¶ 55-56 and ¶ 58, sensitive information is parsed out of the metadata file and encrypted); and 	exporting, by the instance, the extracted data to a memory outside of the instance (Ithal, Fig. 2, ¶ 55-56, and ¶ 58, the encrypted sensitive information send to secure cloud and stored at rest)”.
Ithal, depicts and describes network security system 155 which is isolated from the normal aspects of the computing device to perform security functions.  However, Ithal does not specifically state that this system is implemented as a “trusted execution environment”.  

	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Ithal and Ortiz, to implement the isolated network security system of Ithal as a trusted execution environment as taught in Ortiz.  The motivation to do so would be, as stated by Ortiz, ¶ 75, would be to prevent leakage of customer information and further because doing so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Regarding independent claim 11, Ithal in view of Ortiz teaches the limitations of claim 11 as discussed above.  Further, Ithal teaches “communication interface” in Ithal Fig. 10 network subsystem 1074.  Similarly, as motivated above, Ortiz teaches “a memory configured to store an instance of a Trusted Execution Environment (TEE)” in Ortiz, ¶ 73-75 and ¶ 78 describes storing the TEE in a memory.

Regarding claims 2 and 12, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), wherein generating the transactional data includes: 	receiving, by the TEE instance and from a customer device, customer identifiable data (Ithal, Figs. 3, 7, ¶ 53-55 and ¶ 71 depict and describe live data received from the customer device including username and IP address.  Ithal, Fig. 1 depicts ‘customer data privacy protection’); and 	adding, by the TEE instance, service data associated with the customer identifiable data, to generate the transactional data (Ithal, Figs. 3, 7, ¶ 53-55 and ¶ 71 depict and describe JSON style metadata for an upload activity of a user including sensitive information consisting of their username and IP address)”.

Regarding claim 3, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), wherein removing the private information from the transactional data further comprises: 	obtaining, by the TEE instance, a definition of private data (Ithal, ¶ 53-54, customer determines which private data should be marked as sensitive); and 	applying, by the TEE instance, the definition to the transactional data (Ithal, ¶ 55 and ¶ 58, sensitive information is parsed out of the metadata file)”.

Regarding claims 4, 14, and 19, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), wherein exporting the extracted data comprises: 	sending the extracted data to an anonymizing platform that generates anonymized extracted data (Ithal, Fig. 2, ¶ 55-56, sensitive data encryptor 256 receives the sensitive data from log processor 264 which was stored in the metadata file), and 	storing the anonymized extracted data in the memory outside of the TEE instance, wherein the extracted data is available for analytics without revealing the private information  (Ithal, Fig. 2, ¶ 55-56, and ¶ 58, the encrypted sensitive information send to secure cloud and stored at rest in encrypted form)”.

Regarding claims 9 and 16, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), further comprising: 	generating a first hash value from the extracted data (Ithal, ¶ 56, the sensitive data is hashed to make a signature of the hashed information); 	receiving a second hash value of the extracted data (Ithal, ¶ 57, management client make a query for information which generates a hash for the queried information); and 	validating the extracted data based on a comparison of the first and second hash values (Ithal, ¶ 57, when the query hash matches the stored hash the sensitive information is retreived)”.

Regarding claim 13, Ithal in view of Ortiz teaches:
“The network device of claim 11 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), wherein, when removing the private information from the transactional data, the processor is further configured to execute the instructions stored in the memory to: 	obtain a definition of private data as configured by a customer (Ithal, Fig. 6, ¶ 53-54, customer determines which private data should be marked as sensitive); and 	apply the definition to the transactional data (Ithal, ¶ 55 and ¶ 58, sensitive information is parsed out of the metadata file)”.

Claim(s) 5, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ithal in view of Ortiz in view of Antonatos et al. (US 2021/0034608 A1).
Regarding claim 5, Ithal in view of Ortiz teaches:
“The method of claim 4 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above)”.	Ithal in view of Ortiz do not, but in related art, Antonatos teaches:
“wherein storing the anonymized extracted data includes storing the anonymized extracted data in an unencrypted format (Antonatos, ¶ 71 teaches anonymizing customer data by generalizing the information while keeping it in an unencrypted format that protects the information while allowing it to be queried)”.	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Ithal, Antonatos and Ortiz, to modify the isolated network security system of Ithal and Ortiz to include the process to anonymizing customer data by generalizing the information while keeping it in an unencrypted format as taught in Antonatos.  The motivation to do so, as discussed by Antonatos ¶ 71 protects the information while allowing it to be queried and further constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 10, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above), further comprising: 	receiving the extracted data from the TEE instance (Ithal, Fig. 2, ¶ 55-56, and ¶ ); 	decrypting the extracted data to form unencrypted extracted data (Ithal, ¶ 57, management client make a query for information which is unencrypted)”.
 Ithal in view of Ortiz do not, but in related art, Antonatos teaches:	“anonymizing the unencrypted extracted data to form anonymized unencrypted extracted data (Antonatos, ¶ 71 teaches anonymizing customer data by generalizing the information while keeping it in an unencrypted format that protects the information while allowing it to be queried)”.	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Ithal, Antonatos and Ortiz, to modify the isolated network security system of Ithal and Ortiz to include the process to anonymizing customer data by generalizing the information while keeping it in an unencrypted format as taught in Antonatos.  The motivation to do so, as discussed by Antonatos ¶ 71 protects the information while allowing it to be queried and further constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 17, Ithal in view of Ortiz teaches:
“The network device of claim 11 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above)”.	Ithal in view of Ortiz do not, but in related art, Antonatos teaches:
“wherein the processor is further configured to execute the instructions stored in the memory to: 	anonymize the extracted data to form anonymized unencrypted extracted data (Antonatos, ¶ 71 teaches anonymizing customer data by generalizing the information while keeping it in an unencrypted format that protects the information while allowing it to be queried)”.	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Ithal, Antonatos and Ortiz, to modify the isolated network security system of Ithal and Ortiz to include the process to anonymizing customer data by generalizing the information while keeping it in an unencrypted format as taught in Antonatos.  The motivation to do so, as discussed by Antonatos ¶ 71 protects the information while allowing it to be queried and further constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ithal in view of Ortiz in view of Fisse et al. (US 2020/0097679 A1).
Regarding claim 8, Ithal in view of Ortiz teaches:
“The method of claim 1 (Ithal in view of Ortiz teaches the limitations of the parent claims as discussed above)”.
Ithal in view of Ortiz do not, but in related art, Fisse teaches:
“wherein the private information includes customer proprietary network information (CPNI) (Fisse, ¶ 158 teaches CPNI in a cloud environment meant to protect costumer data)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Ithal, Fisse and Ortiz, to modify the constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO 
/STEPHEN T GUNDRY/Examiner, Art Unit 2435