DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
	Claims 1-20 are pending.

Claim Interpretation
	Claim 12 recites “at least one storage media”.  While broadest reasonable interpretation of “storage media” typically includes transitory media, e.g. signals, Applicant has defined storage media as non-transitory media specifically, e.g. specification paragraph [0096]: “The term "storage media" as used herein refers to any non-transitory media that store data and/or instructions that cause a machine to operate in a specific fashion.”  As such, broadest reasonable interpretation of the term “storage media” with respect to the instant application will be limited to non-transitory media.

Claim Objections
Claims 17-20 objected to because of the following informalities:  
Claims 17-20 each recite “The at least one storage media”, but depend from a method claim.  
Appropriate correction is required.

Claim Rejections - 35 USC § 102

A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-2, 5-7, 11-13, 16-18 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hockenbrocht et al (PGPUB 2019/0318121).

Regarding Claims 1 and 12:
Hockenbrocht teaches a method, and at least one storage media storing instructions that, when executed by at least one processor (paragraph 116-118, computer comprising processor and storage medium comprising executable instructions), cause: 
receiving a query that requests aggregate information about entity event data relating to digital content delivered digitally by an entity management system to entities of the entity management system, the query associated with a requester account (paragraph 24-26, system for receiving query for a private database; database containing personal information regarding entities, e.g. health data, financial data, telecom data, etc.; paragraph 36, account management system receives query commands and updates account of respective client according to received query command); 
determining a first privacy allocation for the requester account (paragraph 36, account management system determines if query can be accommodated in view of privacy budget of client, i.e. “first privacy allocation”); 
determining a first privacy value, the first privacy value computed based on the query and a selected privacy algorithm (paragraph 120-122, client is associated with privacy budget that limits access to database; differentially private security system maintains cumulative privacy spend (i.e. first privacy value) based on history of queries); 
deducting the first privacy value from the first privacy allocation to produce a first privacy balance (paragraph 30, client specifies a set of privacy parameters each time the client submits query; the privacy parameters indicate an amount of decrease in the privacy budget of the client in return for a response to the query); 
causing executing of the query on the entity event data and providing a result set in response to the query only if the first privacy balance indicates that the first privacy allocation has not been depleted (paragraph 135-136, if the sums of the privacy spend and the cumulative privacy spend associated with each privacy budget corresponding to the query are less than the maximum privacy spend allowed by the corresponding privacy budget, the query is performed and the results are provided to the client; if, for at least one privacy budget, the sum is instead greater than the maximum privacy spend allowed by the budget, a security action is performed, such as rejecting the query).

Regarding Claims 2 and 13:
Hockenbrocht teaches method of claim 1, and the at least one storage media of claim 12.  In addition, Hockenbrocht teaches wherein the method and instructions, when executed by the at least one processor, further cause: 
determining a second privacy allocation for the requester account (paragraph 125-129, multiple privacy budgets associated with users, e.g. personal budgets (first privacy allocation) and group/organizational budgets (second privacy allocation); if the privacy spend corresponding to a query exceeds any privacy budget associated with the user/group, a security action can be taken); 
determining a privatized result set that contains aggregate information about the entity event data (paragraph 24-26, query applied to private database returning a response), the privatized result (paragraph 24-26, system applies differentially private version of query on the database); 
computing a second privacy value based on the privatized result set (paragraph 133-134, system accesses one or more privacy budgets relevant to the query, e.g. personal/group budgets of the client; differentially private security system determines privacy spend associated with received request, based on privacy parameters as set by the query; individual privacy spend of query can be seen as second privacy value); 
deducting the second privacy value from the second privacy allocation to produce a second privacy balance (paragraph 134-135, individual privacy spend of query summed with cumulative privacy spends associated with corresponding privacy budgets; if the sum is less than the maximum privacy spend allowed by each corresponding privacy budget, the query is performed and results are provided); 
providing, in response to the query, the privatized result set only if the second privacy balance indicates that the second privacy allocation has not been depleted (paragraph 135-136, if the sum is less than the maximum privacy spend allowed by each corresponding privacy budget, the query is performed and results are provided; otherwise, a security action is taken, e.g. rejecting the query).

Regarding Claims 5 and 16:
Hockenbrocht teaches the method of claim 1 and the at least one storage media of claim 12.  In addition, Hockenbrocht teaches wherein the method and the instructions, when executed by the at least one processor, further cause computing, as the first privacy value, a count of queries initiated by the requester account since a last query refresh date (paragraph 122-123, admin resets budget at a certain time; cumulative privacy spend calculated according to number of previous queries and associated privacy spends).

Regarding Claim 6:
Hockenbrocht teaches the method of claim 1.  In addition, Hockenbrocht teaches the method, further comprising determining the first privacy allocation based on at least one of: a query type associated with the query (paragraph 138, queries including relational operators affect privacy spend of the query), a requester type associated with the requester account, or a data type associated with the entity event data.

Regarding Claim 7:
Hockenbrocht teaches the method of claim 2.  In addition, Hockenbrocht teaches the method, further comprising computing, as the second privacy value, a quantity of data in the privatized result set (paragraph 164, quantity of data resulting from joined data operator provides a multiplier for privacy spend; quantity of data therefore determines second privacy value).

Regarding Claim 11:
Hockenbrocht teaches the method of claim 2.  In addition, Hockenbrocht teaches the method, further comprising storing a count used to determine at least one of the first privacy balance and the second privacy balance in a real-time analytics system (paragraph 24, system for receiving analytical queries from a client; paragraph 122, differentially private security system maintains both privacy budgets and cumulative privacy spends; paragraph 114-119, exemplary machine comprising storage units including stored data and instructions for executing the method) and determining the at least (paragraph 135, cumulative privacy spend updated based on received query).

Regarding Claim 17:
Hockenbrocht teaches the at least one storage media of claim 1.  In addition, Hockenbrocht teaches wherein the instructions, when executed by the at least one processor, further cause determining the first privacy allocation based on at least one of: a query type associated with the query (paragraph 138, queries including relational operators affect privacy spend of the query), a requester type associated with the requester account, or a data type associated with the entity event data.

Regarding Claim 18:
Hockenbrocht teaches the at least one storage media of claim 2.  In addition, Hockenbrocht teaches wherein the instructions, when executed by the at least one processor, further cause computing, as the second privacy value, a quantity of data in the privatized result set (paragraph 164, quantity of data resulting from joined data operator provides a multiplier for privacy spend; quantity of data therefore determines second privacy value).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3-4, 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hockenbrocht, and further in view of Hockenbrocht et al (PGPUB 2020/0250335), hereinafter Hockenbrocht 2.

Regarding Claims 3 and 14:
Hockenbrocht teaches the method of claim 2 and the at least one storage media of claim 13.
Hockenbrocht does not explicitly teach wherein method and the instructions, when executed by the at least one processor, further cause setting a query refresh date after which the query may be executed for the requester account if the first privacy allocation is depleted or the second privacy allocation is depleted.
However, Hockenbrocht 2 teaches the concept wherein instructions, when executed by at least one processor, cause setting a query refresh date after which a query may be executed for a requester account if a first privacy allocation is depleted or a second privacy allocation is depleted (paragraph 22, rights to the restricted data may be specified in terms of a privacy budget; the privacy budget describes limits on how much of the restricted data can be released; in one embodiment, the privacy budget is a numerical value representative of a number and/or type of remaining queries available; budget may reset upon expiration of a time period).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the privacy budget reset teachings of Hockenbrocht 2 with the differential privacy system and privacy budget teachings of Hockenbrocht, in order to provide a means of granting further access to a client account automatically after a certain time has passed, thereby balancing utility and convenience of the query client with the security and privacy of the database, as the intervening time generally results in database updates which make executing query-based privacy attacks more difficult.

Regarding Claim 4 and 15:
Hockenbrocht in view of Hockenbrocht 2 teaches the method of claim 3 and the at least one storage media of claim 14.  In addition, Hockbrocht 2 teaches wherein method and the instructions, when executed by the at least one processor, further cause setting the query refresh date to correspond to a data refresh rate used by the entity management system to automatically periodically refresh the entity event data (paragraph 7, 70, relation is operation over database data; refund system processes privacy budget refund upon occurrence of one or more events, e.g. upon logging of new relation).
The rationale to combine Hockenbrocht and Hockenbrocht 2 is the same as provided for claim 14 due to the overlapping subject matter between claims 14 and 15.

Claims 8, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hockenbrocht, and further in view of Curcio et al (PGPUB 2017/0169253).

Regarding Claim 8:
Hockenbrocht teaches the method of claim 7.
Hockenbrocht does not explicitly teach the method, further comprising computing, as the quantity of data, a count of data elements in the privatized result set plus a count corresponding to an order specified by the query.
However, Curcio teaches the concept of a method comprising computing, as a quantity of data, a count of data elements in a privatized result set plus a count corresponding to an order specified by a query (paragraph 34, 37, 39, estimator generates estimates related to transformed query that can be used to construct optimal query plan; cardinality represents number of rows in row set; estimator calculates privacy cost function to optimize query plan; paragraph 72, query optimizer constructs query plan based on order of joining datasets that optimizes use of privacy budgets).


Regarding Claim 19:
Hockenbrocht teaches the at least one storage media of claim 7.
Hockenbrocht does not explicitly teach wherein the instructions, when executed by the at least one processor, further cause computing, as the quantity of data, a count of data elements in the privatized result set plus a count corresponding to an order specified by the query.
However, Curcio teaches the concept wherein instructions, when executed by at least one processor, cause computing, as a quantity of data, a count of data elements in a privatized result set plus a count corresponding to an order specified by a query (paragraph 34, 37, 39, estimator generates estimates related to transformed query that can be used to construct optimal query plan; cardinality represents number of rows in row set; estimator calculates privacy cost function to optimize query plan; paragraph 72, query optimizer constructs query plan based on order of joining datasets that optimizes use of privacy budgets).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the data count and query order teachings of Curcio with the differential privacy system and privacy budget teachings of Hockenbrocht, in order to optimize a series of query operations such that the overall privacy budget is reduced by as little as possible based on the .

Claims 9, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hockenbrocht, and further in view of Jaiswal (Python Data Type Conversion Tutorial).

Regarding Claim 9:
Hockenbrocht teaches the method of claim 2.  In addition, Hockenbrocht teaches the method, further comprising determining at least one of the first privacy value or the second privacy value by computing an expected privacy loss using the selected privacy algorithm (paragraph 135, determined privacy spend reflects loss of privacy due to the query; paragraph 134, differentially private security system determines privacy spend associated with received request based at least in part on privacy parameters as set by the query).
Hockenbrocht does not explicitly teach converting the expected privacy loss to an integer.
However, Jaiswal teaches the concept of converting a data value to an integer (page 4, int() function for converting a float to an integer); and
Hockenbrocht teaches wherein the data value is the expected privacy loss (paragraph 134-135).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the integer type conversion teachings of Jaiswal with the differential privacy system and privacy budget teachings of Hockenbrocht.  In data science, you will often need to change the type of your data, so that it becomes easier to use and work with (Jaiswal, page 1 paragraph 2).

Regarding Claim 20:
(paragraph 135, determined privacy spend reflects loss of privacy due to the query; paragraph 134, differentially private security system determines privacy spend associated with received request based at least in part on privacy parameters as set by the query).
Hockenbrocht does not explicitly teach converting the expected privacy loss to an integer.
However, Jaiswal teaches the concept of converting a data value to an integer (page 4, int() function for converting a float to an integer); and
Hockenbrocht teaches wherein the data value is the expected privacy loss (paragraph 134-135).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the integer type conversion teachings of Jaiswal with the differential privacy system and privacy budget teachings of Hockenbrocht.  In data science, you will often need to change the type of your data, so that it becomes easier to use and work with (Jaiswal, page 1 paragraph 2).

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hockenbrocht, and further in view of Saxena et al (PGPUB 2016/0269417).

Regarding Claim 10:
Hockenbrocht teaches the method of claim 2.
Hockenbrocht does not explicitly teach the method, further comprising storing at least one of the first privacy allocation and the first privacy balance or the second privacy allocation and the second 
However, Saxena teaches the concept of a method comprising storing at least one of a first privacy allocation and a first privacy balance or a second privacy allocation and a second privacy balance in a database record, associating a requester account with a key, and using the key to retrieve and update the database record (paragraph 55-56, system stores privacy budget allocated to each user profile; system does automated analysis based on current reputation and performance during previous sessions; paragraph 42, Fig. 2, data repository implemented as database; user profiles data stored in database along with roles data, rules data, and other data; paragraph 77, data stored in form of key-value pairs; keys represent identifier of data field and used to store data values).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the database record storage teachings of Saxena with the differential privacy system and privacy budget teachings of Hockenbrocht, in order to utilize well-known database storage techniques to store account/budget information of a user/client, such as key-value pairs, thereby improving storage and access efficiency and reliability, and reducing system development time.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491