Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the instant Application 16/279,013 filed on 2/19/2019. Claims 1-20 are pending. This Office Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 5/10/2019, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “module” in claim 11.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  

Allowable Subject Matter
Claim 20 is allowed.
The following is an examiner’s statement of reasons for allowance: The present invention is directed towards A privacy protection component can automatically comply with a set of privacy requirements when displaying input data.  
The closest prior art of Lancioni et al (US 2018/0082068) in view of Zimmer et al. (US 2018/0096260), Calcaterra et al. (US 2018/0351961), Yatziv et al. (US 2018/0189629) and Mont et al. (US 2005/0251865) fails to disclose, teach or even suggest “a comparison module configured to execute a comparison of the input data to at least one machine-learning model trained on a normal benign behavior of the network entity using a normal behavior benchmark describing parameters corresponding to a normal pattern of activity for that network entity to spot behavior on the network deviating from the normal benign behavior of that network entity in order to identify whether the network entity is in a breach state of the normal behavior benchmark, and a cyber threat module configured to identify whether the breach state identified by the comparison module and a chain of relevant behavioral parameters deviating from the normal benign behavior of that network entity correspond to a cyber threat; and a privacy protection component that includes a clustering module configured to identify .

Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to 

Claims 1, 2, 4, 6, 8, 10, 11 and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et al (US 2018/0082068) in view of Zimmer et al. (US 2018/0096260).

	As per claim 1, Lancioni teaches a method for a privacy protection component in a cyber threat defense system to comply with a set of privacy requirements when displaying input data, comprising: identifying data fields with data values within input data as data identifiable to a network entity [[using one or more machine-learning models trained on known data fields and their data]], where the network entity is at least one of a user and a device associated with a network being protected by the cyber threat defense system (Lancioni, Paragraph 0032 recites “At operation 502, data to be displayed by electronic display 322 is detected. For example, a user opens a document or types in data via a keyboard so that the document or typed in data will then be displayed on at least a portion of the electronic display 322. At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416). At operation 510, a determination is made (e.g., based on an ambient noise level) regarding whether the current location of the electronic display 322 is a private location. If the current location is not determined to be a private location then the method returns to operation 506 in order to simply display the detected data on electronic display 322. If the current location is determined to be a private location then, at operation 512, boundaries of an area of electronic display 322 where the detected data is to be displayed are detected (e.g., a text box defined by application associated with detected data).”);
	clustering the data values with other data values having similar characteristics [[using at least one machine-learning model trained]] on known data fields with identified privacy levels used in the network to infer a privacy level associated with each data field, where a privacy level is utilized to indicate whether, at least, a first data value in a first data field should be public or anonymized (Lancioni, Paragraph 0032 recites “At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416).” And Paragraph 0024 recites “The privacy filter generation module 320 may be configured to receive privacy indications provided by the private data detection module 316, the data boundaries detection module 318 and the context aware privacy module 314 in order to determine whether or not a privacy filter should be rendered over a portion of display 322 based on these privacy indications. It is noted that multiple privacy filters may be used, such that each of the multiple privacy filters may obscure separate and distinct portions of the display 322.”); 
	determining a privacy status of the first data field by comparing the privacy level to a permission threshold (Lancioni, Paragraph 0032 recites “At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416).” It is being interpreted that the tags used would read on a threshold.  The threshold is used to determine if data is to be considered private or not, therefore the tags would be a “threshold” necessary to determine if data is private.);
	applying an alias transform to the first data value in the first data field with a privacy alias to anonymize the first data value in the data field; and presenting the privacy alias to a system user in place of the first data value (Lancioni, Paragraph 0024 recites “The privacy filter generation module 320 may be configured to receive privacy indications provided by the private data detection module 316, the data boundaries detection module 318 and the context aware privacy module 314 in order to determine whether or not a privacy filter should be rendered over a portion of display 322 based on these privacy indications. It is noted that multiple privacy filters may be used, such that each of the multiple privacy filters may obscure separate and distinct portions of the display 322.”).”).
	Lancioni fails to explicitly teach the use of a machine-learning model.
(Zimmer, Paragraph 0079 recites “the instructions when executed on a machine, cause the machine to: receive a collection of data, wherein the collection of data comprises device data generated by a plurality of networked devices; execute a machine learning algorithm on the collection of data to: aggregate received device data; apply privacy policy to private device data; assign a context to aggregated device data; generate aggregated device data characteristics; perform rules-based inference on identified device data characteristics; generate a ranking for inferred device data characteristics; and determine whether to make a remediation recommendation.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Zimmer’s static and dynamic device profile reputation using cloud-based machine learning with Lancioni’s dynamic electronic display privacy filter because the use of machine learning tools is beneficial to help automate systems with less human interaction.

	As per claim 2, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, Lancioni further teaches setting a default privacy status for all data fields so that the default privacy status triggers anonymization for all data values that reflect identifiable information to the network entity (Lancioni, Paragraph 0032 recites “At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416).” It is being interpreted that the tags used would read on the triggering functionality).

	As per claim 4, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, Lancioni further teaches : applying one or more clustering techniques to the data values from the data fields within the input data in order to associate their corresponding data fields with an associated known sensitive data field, where the association occurs by locating data values that reflect identifiable information to the network entity to be clustered in close proximity  (Lancioni, Paragraph 0032 recites “At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416).”).

	As per claim 6, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, Lancioni further teaches assigning a linked privacy alias as the privacy alias for the data value of the first data field in order to link the privacy alias to the privacy aliases of other data values with similar value strings (Lancioni, Paragraph 0024 recites “The privacy filter generation module 320 may be configured to receive privacy indications provided by the private data detection module 316, the data boundaries detection module 318 and the context aware privacy module 314 in order to determine whether or not a privacy filter should be rendered over a portion of display 322 based on these privacy indications. It is noted that multiple privacy filters may be used, such that each of the multiple privacy filters may obscure separate and distinct portions of the display 322.”).”).

	As per claim 8, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, Lancioni further teaches exporting the input data mixed in with instances of one or more data values replaced with their privacy alias (Lancioni, Paragraph 0024 recites “The privacy filter generation module 320 may be configured to receive privacy indications provided by the private data detection module 316, the data boundaries detection module 318 and the context aware privacy module 314 in order to determine whether or not a privacy filter should be rendered over a portion of display 322 based on these privacy indications. It is noted that multiple privacy filters may be used, such that each of the multiple privacy filters may obscure separate and distinct portions of the display 322.”).”).

Regarding claims 10 and 11, claims 10 and 11 are directed to a non-transitory readable medium and an apparatus associated with the method of claim 1. Claims 10 and 11 are of similar scope to claim 1, and are therefore rejected under similar rationale.

	As per claim 16, Lancioni in combination with Zimmer teaches The apparatus for the cyber threat defense system of claim 11, Lancioni further teaches wherein the aliasing module is configured to assign a privacy alias on a per session-basis so that a fresh privacy alias is generated for the data values for each session (Lancioni, Paragraph 0032 recites “At operation 502, data to be displayed by electronic display 322 is detected. For example, a user opens a document or types in data via a keyboard so that the document or typed in data will then be displayed on at least a portion of the electronic display 322. At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416). At operation 510, a determination is made (e.g., based on an ambient noise level) regarding whether the current location of the electronic display 322 is a private location. If the current location is not determined to be a private location then the method returns to operation 506 in order to simply display the detected data on electronic display 322. If the current location is determined to be a private location then, at operation 512, boundaries of an area of electronic display 322 where the detected data is to be displayed are detected (e.g., a text box defined by application associated with detected data).”).

	As per claim 17, Lancioni in combination with Zimmer teaches The apparatus for the cyber threat defense system of claim 11, Lancioni further teaches wherein the permission module is configured to determine a geographic location for the system user and to adjust the permission threshold based on the geographic location (Lancioni, Paragraph 0032 recites “At operation 502, data to be displayed by electronic display 322 is detected. For example, a user opens a document or types in data via a keyboard so that the document or typed in data will then be displayed on at least a portion of the electronic display 322. At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416). At operation 510, a determination is made (e.g., based on an ambient noise level) regarding whether the current location of the electronic display 322 is a private location. If the current location is not determined to be a private location then the method returns to operation 506 in order to simply display the detected data on electronic display 322. If the current location is determined to be a private location then, at operation 512, boundaries of an area of electronic display 322 where the detected data is to be displayed are detected (e.g., a text box defined by application associated with detected data).”).

	As per claim 18, Lancioni in combination with Zimmer teaches The apparatus for the cyber threat defense system of claim 11, Lancioni further teaches wherein the clustering module is configured to set a default privacy status for all data fields so that the default privacy level triggers anonymization of all data values that have data identifiable to the network entity (Lancioni, Paragraph 0032 recites “At operation 504, a determination is made (e.g., based on detected tags) regarding whether the detected data is private. If the detected data is not private then the data is simply displayed on electronic display 322 at operation 506. If the detected data is determined to be private then, at operation 508, location context data is detected (e.g., from GPS receiver 410 and/or microphone 416).” And Paragraph 0024 recites “The privacy filter generation module 320 may be configured to receive privacy indications provided by the private data detection module 316, the data boundaries detection module 318 and the context aware privacy module 314 in order to determine whether or not a privacy filter should be rendered over a portion of display 322 based on these privacy indications. It is noted that multiple privacy filters may be used, such that each of the multiple privacy filters may obscure separate and distinct portions of the display 322.”).

Claims 3 and 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et al (US 2018/0082068) and Zimmer et al. (US 2018/0096260) and in further view of Calcaterra et al. (US 2018/0351961).

	As per claim 3, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, but fails to teach compiling an evolving gray list identifying data fields inferred to be subject to anonymization, and presenting the evolving gray list to a system administrator to alter a privacy level up or down for one or more of the data fields on the gray list.
	However, in an analogous Calcaterra teaches compiling an evolving gray list identifying data fields inferred to be subject to anonymization, and presenting the evolving gray list to a system administrator to alter a privacy level up or down for one or more of the data fields on the gray list (Calcaterra, Paragraph 0039 recites “Next, at 204, the GUI restriction and anonymization program 110a and 110b determines the problem and permissions depending on the problem (i.e., issue) with the client computer 102. The cognitive processing system may utilize computing technology to analyze the client computer 102 and diagnose the problem with the client computer 102. After the cognitive processing system diagnoses the problem, the cognitive processing system may determine the appropriate permissions or access that the third party should obtain to fix the problem presented by the cognitive processing system. Permissions may include anonymizing information (e.g., company name, IP addresses), deletion of private information, adding or removing passwords to sensitive data or parts of the client computer 102, hiding or restricting access until approval is obtained by the customer system administrator, and prohibiting system configuration changes without approval of customer system administrator.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Calcaterra’s graphical user interface privacy, security and anonymization with Lancioni’s dynamic electronic display privacy filter because the use of having an administrator approval will help ensure a trusted person of authority oversees the system.

	As per claim 12, Lancioni in combination with Zimmer teaches the apparatus for the cyber threat defense system of claim 11, but fails to teach wherein the permission module is configured to compile an evolving gray list identifying data fields inferred to be subject to anonymization.
	However, in an analogous art Calcaterra teaches wherein the permission module is configured to compile an evolving gray list identifying data fields inferred to be subject to anonymization (Calcaterra, Paragraph 0039 recites “Next, at 204, the GUI restriction and anonymization program 110a and 110b determines the problem and permissions depending on the problem (i.e., issue) with the client computer 102. The cognitive processing system may utilize computing technology to analyze the client computer 102 and diagnose the problem with the client computer 102. After the cognitive processing system diagnoses the problem, the cognitive processing system may determine the appropriate permissions or access that the third party should obtain to fix the problem presented by the cognitive processing system. Permissions may include anonymizing information (e.g., company name, IP addresses), deletion of private information, adding or removing passwords to sensitive data or parts of the client computer 102, hiding or restricting access until approval is obtained by the customer system administrator, and prohibiting system configuration changes without approval of customer system administrator.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Calcaterra’s graphical user interface privacy, security and anonymization with Lancioni’s dynamic electronic display privacy filter because the use of having an administrator approval will help ensure a trusted person of authority oversees the system.

	As per claim 13, Lancioni in combination with Zimmer and Calcaterra teaches the apparatus for the cyber threat defense system of claim 12, Calcaterra further teaches wherein the user interface module is configured to present the evolving gray list to a system administrator for review (Calcaterra, Paragraph 0039 recites “Next, at 204, the GUI restriction and anonymization program 110a and 110b determines the problem and permissions depending on the problem (i.e., issue) with the client computer 102. The cognitive processing system may utilize computing technology to analyze the client computer 102 and diagnose the problem with the client computer 102. After the cognitive processing system diagnoses the problem, the cognitive processing system may determine the appropriate permissions or access that the third party should obtain to fix the problem presented by the cognitive processing system. Permissions may include anonymizing information (e.g., company name, IP addresses), deletion of private information, adding or removing passwords to sensitive data or parts of the client computer 102, hiding or restricting access until approval is obtained by the customer system administrator, and prohibiting system configuration changes without approval of customer system administrator.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Calcaterra’s graphical user interface privacy, security and anonymization with Lancioni’s dynamic electronic display privacy filter because the use of having an administrator approval will help ensure a trusted person of authority oversees the system.

	As per claim 14, Lancioni in combination with Zimmer and Calcaterra teaches the apparatus for the cyber threat defense system of claim 12, Calcaterra further teaches wherein the user interface module is configured to receive a gray list edit from the system administrator altering the privacy level up or down for one or more of the data fields on the gray list (Calcaterra, Paragraph 0039 recites “Next, at 204, the GUI restriction and anonymization program 110a and 110b determines the problem and permissions depending on the problem (i.e., issue) with the client computer 102. The cognitive processing system may utilize computing technology to analyze the client computer 102 and diagnose the problem with the client computer 102. After the cognitive processing system diagnoses the problem, the cognitive processing system may determine the appropriate permissions or access that the third party should obtain to fix the problem presented by the cognitive processing system. Permissions may include anonymizing information (e.g., company name, IP addresses), deletion of private information, adding or removing passwords to sensitive data or parts of the client computer 102, hiding or restricting access until approval is obtained by the customer system administrator, and prohibiting system configuration changes without approval of customer system administrator.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Calcaterra’s graphical user interface privacy, security and anonymization with Lancioni’s dynamic electronic display privacy filter because the use of having an administrator approval will help ensure a trusted person of authority oversees the system.

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et al (US 2018/0082068) and Zimmer et al. (US 2018/0096260) and in further view of Yatziv et al. (US 2018/0189629).

	As per claim 5, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 4, but fails to teach adjusting the privacy level 
	However, in an analogous art Yatziv teaches adjusting the privacy level of the first data field up or down based on a privacy level assigned to the associated known sensitive data field when the data value of the first data field is closely clustered to a data value of that associated known sensitive data field (Yatziv, Paragraph 0043 recites “The second privacy level data may be more restricted than the first privacy level data. For instance, some data may default to being marked as second privacy level data, and/or users of the group may have adjusted one or more settings to cause data to be marked as second privacy level data.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Yatziv’s virtual assistant generation of group recommendations with Lancioni’s dynamic electronic display privacy filter because the ability to change privacy levels offers the advantage of flexibility, when dealing with sensitive data. 


Claims 7, 15 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et al (US 2018/0082068) and Zimmer et al. (US 2018/0096260) and in further view of Mont et al. (US 2005/0251865).

	As per claim 7, Lancioni in combination with Zimmer teaches The method for the privacy protection component of claim 1, but fails to teach assigning a permission level to the system user to determine whether the system user is permitted to view the input data subject to at least one of i) data values identifiable to any network entity will have a substituted alias when the system user is assigned a full anonymization permission level and ii) data values identifiable to merely any user of the network will have a substituted alias when the system user is assigned a reduced anonymization permission level.
	However, in an analogous art Mont teaches assigning a permission level to the system user to determine whether the system user is permitted to view the input data subject to at least one of i) data values identifiable to any network entity will have a substituted alias when the system user is assigned a full anonymization permission level and ii) data values identifiable to merely any user of the network will have a substituted alias when the system user is assigned a reduced anonymization permission level (Mont, Paragraph 0057 recites “In embodiments of the present invention, privacy management policies can be applied to records or fields at any one of a number of levels of granularity. This means that different users or user roles can be provided with different levels of access permissions for different types of data within the repository. Privacy control is preferably implemented by obfuscation of private data fields and/or whole data records. De -obfuscation is subject to successful authorisation by the privacy manager.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Mont’s Data privacy management system and method with 

	As per claim 15, Lancioni in combination with Zimmer teaches the apparatus for the cyber threat defense system of claim 11, but fails to teach wherein the permission module is configured to factor at least one of, i) a black list describing data fields to be anonymized before display into determining the privacy level, and ii) a white list describing data fields to be left transparent to a system user into determining the privacy level.
	However, in an analogous art Mont teaches wherein the permission module is configured to factor at least one of, i) a black list describing data fields to be anonymized before display into determining the privacy level, and ii) a white list describing data fields to be left transparent to a system user into determining the privacy level  (Mont, Paragraph 0057 recites “In embodiments of the present invention, privacy management policies can be applied to records or fields at any one of a number of levels of granularity. This means that different users or user roles can be provided with different levels of access permissions for different types of data within the repository. Privacy control is preferably implemented by obfuscation of private data fields and/or whole data records. De -obfuscation is subject to successful authorisation by the privacy manager.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Mont’s Data privacy management system and method with 

	As per claim 19, Lancioni in combination with Zimmer teaches the apparatus for the cyber threat defense system of claim 11, but fails to teach wherein the permission module is configurable to assign a permission level to the system user to determine whether the system user is permitted to view the input data, subject to at least one of i) data values identifiable to any network entity will have a substituted alias when the system user is assigned a full anonymization permission level and ii) data values identifiable to merely any user of the network will have a substituted alias when the system user is assigned a reduced anonymization permission level (Mont, Paragraph 0057 recites “In embodiments of the present invention, privacy management policies can be applied to records or fields at any one of a number of levels of granularity. This means that different users or user roles can be provided with different levels of access permissions for different types of data within the repository. Privacy control is preferably implemented by obfuscation of private data fields and/or whole data records. De -obfuscation is subject to successful authorisation by the privacy manager.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Mont’s Data privacy management system and method with Lancioni’s dynamic electronic display privacy filter because the ability to change privacy levels offers the advantage of flexibility, when dealing with sensitive data. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439

/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439