Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	Claims 1-20 are pending.
Continuation 
3.	Application # 16563341 is CIP of application # 16267297 now is US Patent # 10599872.
	And application # 16267297 is CON of application # 15237519 now is US Patent # 10268840.

Double Patenting
4.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statue) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim (s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed.Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).  A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (c may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filling date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. 

5.	  Claims 1, 2, 7, 9, 10,  12, 13, 14, and 19  are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2, 3, 5, 6, 7, 8, 9, and 10 of U.S. Patent No. 10599872 in view of U.S. Patent Application No 20130238600.

A side-by-side comparison of claims 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, and 19  of the pending application and the ‘872 patent is given in the following table to show their similarities and differences:
Pending Application 
US Patent #10599872
Claims 1, 12, 13 
A compromised data exchange system, comprising:  2an interface configured to couple to a network;  3a processor coupled to the interface; and  4a database storing compromised personally identifying information (PII) data;  5a memory accessible to the processor and storing instructions that, when executed, cause 6the processor to:  









8detect portions within the extracted data from the specified websites that resemble 9one or more sets of PII data, each set of PII data associated with a compromised entity;  




18compare (1) the detected portions within the extracted data, from both the 19specified websites and the other websites, that resemble one or more sets of PII data, and  20(2) the compromised PII data stored at the database, to determine a match using the risk assessment module; 


Claims 2, 14:
The system of claim 1, further comprising a risk assessment module and a risk scoring module, and wherein the processor: 
detects portions within the extracted data, from both the specified websites and the other websites, that resemble one or more sets of PII data by using the risk assessment module and based on PII patterns;  

compares (1) the detected portions within the extracted data, from both the specified websites and the other websites, that resemble one or more sets of PII data and (2) the compromised PII data stored at the database, to determine a match, by using the risk assessment module; and  assigns a risk score to a data item of the compromised PII data stored at the database, in response to determining a match, by using the risk scoring module

Claims 7, 19:
The system of claim 1, wherein the instructions that cause the processor to detect portions within 
process the extracted data to identify portions that include patterns of numbers resembling at least one of a social security number, a phone number, a birth date, a driver's license number, and an account number; and  flag the identified portions for further processing.

Claim 9:
The system of claim 1, wherein the instructions that cause the processor to detect 2portions within the within the extracted data that resembles one or more sets of PII data further 3include instructions that, when executed, cause the processor to:  
4encrypt each of the detected portions according to an encryption applied to data within 5the database of disassociated compromised PII data; and  6compare each of the encrypted portions to compromised data within the database to 7determine the match.

Claim 10:




Claims 2
A compromised data exchange system comprises comprising: an interface configured to couple to a network; a processor coupled to the interface; and a database of disassociated compromised personally identifying information (PII) data, the database including items of PII data that are disassociated from one another such that PII data of a particular individual cannot be reassembled from the data in the database; a memory accessible to the processor and storing instructions that, when executed, cause the processor to: search websites for a data pattern that resembles PII data and an associated Uniform Resource Locator (URL) for one or more linked websites; 


detect portions within the extracted data that resemble PII data based on PII data patterns using a risk assessment module; 














compare a detected portion to data within the database of disassociated compromised PII data to determine a match using the risk assessment module; 




Claims 2



detect portions within the extracted data that resemble PII data based on PII data patterns using a risk assessment module; 



compare a detected portion to data within the database of disassociated compromised PII data to determine a match using the risk assessment module; and selectively assign a risk score to a data item within the database in response to determining the match using a risk scoring module.




Claim 6:
The compromised data exchange system of claim 2, wherein the instructions that cause the 

 process the extracted data to identify portions that include patterns of numbers resembling at least one of a social security number, a phone number, a birth date, a driver's license number, and an account number; and flag the identified portions for further processing.

Claim 7:
The compromised data exchange system of claim 2, wherein the instructions that cause the processor to detect portions within the extracted data further include instructions that, when executed, cause the processor to: 

encrypt each of the portions according to an encryption applied to data within the database of disassociated compromised PII data; and compare each of the encrypted portions to data within the database of disassociated compromised PII data to determine the match.

Claim 8:






Although the ‘872 patent does not disclose the following limitation(s), U.S. Patent Application Publication No. 20130238600, Kindler discloses the following limitation(s):

	10detect URLs within the extracted data from the specified websites that identify 11one or more other websites extracted or derived from the data obtained from the various social networks (Kindler, para 36);12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites (para 46, analysis may be performed to provide Some sort of degree of similarity (e.g., a percentage or rank of similarity) rather than a simple binary analysis (i.e., “match”/"does not match'); 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking;  16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data (para 57 the analysis provided by the risk score analyzer 900 may comprise at least a portion of the further analysis 314 as previously mentioned with reference to FIG. 3. In such an embodiment, the risk score analyzer 900 may obtain data and other information from the Social network analyzer 100 via the analytics API 212 shown in FIG. 2).
	The Supreme Court in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in 
	The ’ 872 patent discloses all the structural elements of the claimed portable device and corresponding elements except for 10detect URLs within the extracted data from the specified websites that identify 11one or more other websites; 12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites; 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking; 
 16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data, which is disclosed in Kindler. 
Thus, one of ordinary skill in the art of  would have been motivated, before the effective filing date of the claimed invention, to update the system of the ‘872 patent with the system of detect URLs within the extracted data from the specified websites that identify 11one or more other websites; 12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites; 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking;  16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data disclosed in Kindler in order to analyzing and presenting data obtained across more than one of these social network, compare 
the personal information obtained from the plurality of social networks to determine a normalized set of personal information for the user.

6.	  Claims 1, 2, 7, 9, 10, 11, 12, 13, 14, and 19  are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 5, 6, 7, and 10 of U.S. Patent No. 10268840 in view of U.S. Patent Application No 20130238600.

A side-by-side comparison of claims 1, 2, 7, 9, 10, 11, 12, 13, 14, and 19  of the pending application and the ‘840 patent is given in the following table to show their similarities and differences:


US Patent # 10268840
Claims 1, 12, 13 
A compromised data exchange system, comprising:  2an interface configured to couple to a network;  3a processor coupled to the interface; and  4a database storing compromised personally identifying information (PII) data;  5a memory accessible to the processor and storing instructions that, when executed, cause 6the processor to:  







7extract data from one or more specified websites using a crawler;  

8detect portions within the extracted data from the specified websites that resemble 9one or more sets of PII data, each set of PII data associated with a compromised entity;  




18compare (1) the detected portions within the extracted data, from both the 19specified websites and the other websites, that resemble one or more sets of PII data, and  20(2) the compromised PII data stored at the database, to determine a match using the risk assessment module; 
And 47Attorney Docket No.: 090850-007140US-1140005 Client Ref. No.: EWS-18-016-X122selectively assign a risk score to a data item within the database of compromised 23PII data, in response to determining the match.

Claims 2, 14:
The system of claim 1, further comprising a risk assessment module and a risk scoring module, and wherein the processor: 
detects portions within the extracted data, from both the specified websites and the other websites, that resemble one or more sets of PII 

compares (1) the detected portions within the extracted data, from both the specified websites and the other websites, that resemble one or more sets of PII data and (2) the compromised PII data stored at the database, to determine a match, by using the risk assessment module; and  assigns a risk score to a data item of the compromised PII data stored at the database, in response to determining a match, by using the risk scoring module

Claims 7, 19:
The system of claim 1, wherein the instructions that cause the processor to detect portions within the within the extracted data that resembles one or more sets of PII data, further include instructions that, when executed, cause the processor to:  
process the extracted data to identify portions that include patterns of numbers resembling at least one of a social security number, a phone number, a birth date, a driver's license number, and an account number; and  flag the identified portions for further processing.

Claim 9:
The system of claim 1, wherein the instructions that cause the processor to detect 2portions within the within the extracted data that resembles one or more sets of PII data further 3include instructions that, when executed, cause the processor to:  
4encrypt each of the detected portions according to an encryption applied to data within 5the database of disassociated compromised PII data; and  6compare each of the encrypted portions to compromised data within the database to 7determine the match.

Claim 10:
The system of claim 9, wherein the instructions that cause the processor to 2selectively assign the risk score include instructions that, when executed, cause the processor to 3increase a risk score for a piece of disassociated data within the database of disassociated  compromised PII data in response to determining the match.


Claim 11:

The compromised data exchange system of claim 1, wherein the compromised PII 2data 
Claims 1
A compromised data exchange system comprises: an interface configured to couple to a network; a processor coupled to the interface; and a database of disassociated compromised PII data, the database including items of PII data that are disassociated from one another such that PII data of a particular individual cannot be reassembled from the data in the database a memory accessible to the processor and storing instructions that, when executed, cause the processor to: 




extract data from one or more websites using a crawler; 

detect portions within the data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module; compare a detected portion to data within [[a]] the database of disassociated compromised PII data to determine a match using the risk assessment module; 

















and selectively assign a risk score to a data item within the database in response to determining the match using a risk scoring module.

Claims 1
detect portions within the data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module;






 compare a detected portion to data within [[a]] the database of disassociated compromised PII data to determine a match using the risk assessment module; 







Claim 5:
The compromised data exchange system of claim 1, wherein the instructions that cause the processor to detect portions within the data further include instructions that, when executed, cause the processor to: 

process the extracted data to identify portions that include patterns of numbers resembling at least one of a social security number, a phone number, a birth date, a driver's license number, and an account number; and flag the identified portions for further processing

Claim 6:
The compromised data exchange system of claim 1, wherein the instructions that cause the processor to detect portions within the data further include instructions that, when executed, cause the processor to:

 encrypt each of the portions according tan encryption applied to data within the database of disassociated compromised PII data; and compare each of the encrypted portions to data within the database of disassociated compromised PII data to determine the match.

Claim 7:
The compromised data exchange system of claim 1, wherein the instructions that cause the processor to selectively assign the risk score include instructions that, when executed, cause the processor to increase a risk score for a piece of disassociated data within the database of disassociated compromised PII data in response to determining the match.

Claim 8:






Although the ‘840 patent does not disclose the following limitation(s), U.S. Patent Application Publication No. 20130238600, Kindler discloses the following limitation(s):

	10detect URLs within the extracted data from the specified websites that identify 11one or more other websites extracted or derived from the data obtained from the various social networks (Kindler, para 36);12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites (para 46, analysis may be performed to provide some sort of degree of similarity (e.g., a percentage or rank of similarity) rather than a simple binary analysis (i.e., “match”/"does not match'); 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking;  16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data (para 57 the analysis provided by the risk score analyzer 900 may comprise at least a portion of the further analysis 314 as previously mentioned with reference to FIG. 3. In such an embodiment, the risk score analyzer 900 may obtain data and other information from the Social network analyzer 100 via the analytics API 212 shown in FIG. 2).
	The Supreme Court in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in Graham. One such rational given by the Supreme Court and that may relied upon to support a conclusion of obviousness included: “combining prior art elements according to known methods to yield predictable results”. 
	The ’ 840 patent discloses all the structural elements of the claimed portable device and corresponding elements except for 10detect URLs within the extracted data from the specified websites that identify 11one or more other websites; 12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites; 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking; 
 16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data, which is disclosed in Kindler. 
Thus, one of ordinary skill in the art of  would have been motivated, before the effective filing date of the claimed invention, to update the system of the ‘840 patent with the system of detect URLs within the extracted data from the specified websites that identify 11one or more other websites; 12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites; 14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking;  16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data disclosed in Kindler in order to analyzing and presenting data obtained across more than one of these social network, compare 
the personal information obtained from the plurality of social networks to determine a normalized set of personal information for the user.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	Claims 1, 2, 3, 4, 6, 7, 8, 12, 13, 14, 15, 16, 18, 19, and 20 are rejected under 35U.S.C 103 as being unpatentable over Tommy Stiansen (US 20160044054), in view of  Noah Kindler (US 20130238600), hereinafter Kindler.

	Regarding claim 1:
	an interface configured to couple to a network (para 41, the application of the media further comprises an interface configured to perform transmit the one or more safe data packets to a destination computing device);  a processor coupled to the interface (para 40 a computer network, the system comprising: a digital signal processor); and  4a database storing compromised personally identifying information (PII) data (para 42, a database configured to store a dark list, wherein the dark list comprises a plurality of data entries comprising one or more risk activities or one or more risky source addresses), and further personal information such as social security numbers, dates of birth, photos of their families, addresses and phone numbers, insurance information, credit card numbers, and bank information (para 10). Examiner interprets social security numbers, dates of birth, photos of their families, addresses and phone numbers, insurance information, credit card numbers, and bank information are personally identifying information (PII).

8detect portions within the extracted data from the specified websites that resemble 9one or more sets of PII data, each set of PII data associated with a compromised entity (para 246, Crawler data displayed content from web crawls and also display documents from web crawls. Content was organized for relevance over severity, for example code snippets, sensitive documents, passwords and other secret data will be displayed with higher priority, but also timeline impacted the display where fresh data will be pushed towards the top). However, Stiansen fails to teach: 
 10detect URLs within the extracted data from the specified websites that identify 11one or more other websites;  12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites;  14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking; 
 16detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data;  
18compare (1) the detected portions within the extracted data, from both the 19specified websites and the other websites, that resemble one or more sets of PII data, and  20(2) the compromised PII data stored at the database, to determine a match using the risk assessment module; 
and  47Attorney Docket No.: 090850-007140US-1140005Client Ref. No.: EWS-18-016-X122selectively assign a risk score to a data item within the database of compromised 23PII data, in response to determining the match.
Kindler teaches  10detect URLs within the extracted data from the specified websites that identify 11one or more other website (Kindler, para 37, site name identifies the social network from which the data was obtained. The site name for the Facebook social network 104a may simply be the character string “facebook.” The Network Identifier uniquely identifies data in the associated social network and, typically, identifies a unique identifier (“unique ID') of a core attribute—such as, for example, a user/entity. In one embodiment, the Network Identifier may comprise the URL of the social network (e.g., 
 12determine a priority ranking for each of the other websites based on the number of 13sets of PII data at each of the identified websites (Kindler, para 9, assessing an aggregate risk score for a user of a social networks online activities, obtain information, an analyzing component may be provide that is adapted to analyze the collected information in order to find one or more potential dangers to the subject (these potential dangers may be referred to as “warnings'). The analyzing component may then associate a severity level to each identified potential danger and then assigning a weight to each identified potential danger based on its associated severity level and the current age of the identified potential danger). Examiner interprets assigning a weight to each identified potential danger based on its associated severity level is priority ranking for each website or social networks. 
14extract data from the other websites, wherein each of the other websites are 15accessed to extract data based on its determined priority ranking (para 36, FIG. 4, each of the attributes comprises a number of properties or sub-elements that may be extracted or derived from the data obtained from the various social networks).
detect portions within the extracted data from the other websites that resemble one 17or more sets of PII data;  18compare (1) the detected portions within the extracted data, from both the 19specified websites and the other websites, that resemble one or more sets of PII data and  20(2) the compromised PII data stored at the database (para 46, data analysis 512 may be used to compare various aspects of the user data collected from the plurality of social networks. For example, similarity analysis may be conducted to determine the similarity (or, at least, a degree of similarity) between comparable aspects of the user data such as, for example, a similarity comparison between date of birth information, phone numbers, and/or various location information (e.g., geographic location, network location, temporal location) obtained from the collected user data.
to determine a match using the risk assessment module (para 46, if the date of birth information from the user data for “John' is “Jun. 23, 1980' while the date of birth information from the user data for “Johnny' is “June 23 but does not indicate the year, the similarity of data analysis 512 may still assign a percentage or other degree of confidence indicating a relatively strong similarity between the two birthday ). Examiner interprets that confidence score is risk score to data item claimed. 
It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Kindler with that of Stiansen in order to analyzing data obtained from a network and, in particular, analyzing information obtained from one or more social networks.

Regarding claim 2:
Stiansen and Kindler disclose a risk assessment module and a risk 2scoring module, and wherein the processor:  3detects portions within the extracted data, from both the specified websites and the other 4websites, that resemble one or more sets of PII data by using the risk assessment module and 5based on PII patterns(Kindler, para 65 risk score analyzer 900 analyzes all of the collected data (or at least a portion of the collected data) in order to identify any potential warnings/threats that may be contained in the collected information), 
6compares (1) the detected portions within the extracted data, from both the specified 7websites and the other websites, that resemble one or more sets of PII data and (2) the 8compromised PII data stored at the database, to determine a match, by using the risk assessment 9module; and  10assigns a risk score to a data item of the compromised PII data stored at the 11database, in response to determining a match, by using the risk scoring module (Kindler, para 70 the risk score analyzer 900 utilizes the Severity Weighing Matrix (“function M(w, s, a)') to assign a weighed score to each collected warning. The weighed score may be based on the particular type of warning, the severity level assigned to that warning (per operation 1008) as well as the age of the warning). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Kindler with that of Stiansen in order to analyzing data obtained from a network and, in particular, analyzing information obtained from one or more social networks.


Stiansen and Kindler disclose wherein the compromised PII data stored at the database 2comprises disassociated compromised PII, including PII  data that are disassociated from one 3another such that PII data of a particular individual cannot be reassembled from the data in the 4database(Kindler, para 50 in FIG. 7, those nodes determined not to have any corresponding node or that do not match any other node— such as node tX in the second social graph—are given no weigh (i.e., 0 weight)). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Kindler with that of Stiansen in order to analyzing data obtained from a network and, in particular, analyzing information obtained from one or more social networks.

Regarding claim 4:
Stiansen and Kindler disclose wherein the priority ranking is determined by counting the 2number of sets of PII data at each one of the specified websites (Kindler, para 54 for each common subgraph 802, 804, the average weight of the nodes comprising the subgraph is calculated by dividing the sum of the weights of the nodes in the subgraph by the number of nodes in the that subgraph (Kindler, para 53), and further the average weight of each common subgraph is compared by the data mapper against a threshold value). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Kindler with that of Stiansen in order to analyzing data obtained from a network and, in particular, analyzing information obtained from one or more social networks.

Regarding claim 6:
Stiansen and Kindler disclose further teaches wherein the same determined priority ranking is assigned to 2 each of the other websites represented by URLs detected within extracted data from one of the 48Attorney Docket No.: 090850-007140US-1140005Client Ref. No.: EWS-18-016-X1 3specified websites, based on the number of sets of PII data(, Kindler, para 36 the data model 400 comprises a number of attributes or elements 402, 404, 406, 408, 30,  in FIG. 4 may also be referred to as the core attributes of the normalized data model, each of the attributes comprises a number of properties or sub-elements that may be extracted or derived from the data obtained from the various 

Regarding claim 7:
Stiansen and Kindler disclose wherein the instructions that cause the processor to detect 2portions within the within the extracted data that resembles one or more sets of PII data, further 3include instructions that, when executed, cause the processor to:  4process the extracted data to identify portions that include patterns of numbers 5resembling at least one of a social security number, a phone number, a birth date, a driver's 6license number, and an account number (Stiansen , para 10, personal information such as social security numbers, dates of birth, photos of their families, addresses and phone numbers, insurance information, credit card numbers, and bank information). And Kindler teaches and  7flag the identified portions for further processing (analyze postings and other messages for threatening and other keywords of interest during the analysis of warnings in operation 1004 of FIG. 10. This process relates identifying and flagging warnings containing certain abusive words or personal information being posted to the subject person (Kindler, para 76). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Kindler with that of Stiansen in order to analyzing data obtained from a network and, in particular, analyzing information obtained from one or more social networks. 


Regarding claim 8:
Stiansen and Kindler disclose wherein the instructions that cause the processor to detect 2URLs within the extracted data from the specified websites further include instructions that, 3when executed, cause the processor to:  4process the extracted data to identify patterns of characters resembling a domain name (Stiansen, para 244, the system/appliance used extensive passive DNS brute forcing to discover domains, including international domain names with special characters).

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 14:
Claim 14 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 18:
Claim 18 is rejected under the same reason set forth in rejection of claim 6.

Regarding claim 19:
Claim 19 is rejected under the same reason set forth in rejection of claim 7.

Regarding claim 20:
Claim 20 is rejected under the same reason set forth in rejection of claim 8.



s 5, 17 are rejected under 35U.S.C 103 as being unpatentable over Tommy Stiansen (US 20160044054), in view of  Noah Kindler (US 20130238600), and further in view of Richendra Khanna (US 20140250526), hereinafter Khanna.

Regarding claim 5:
Stiansen and Kindler disclose wherein the number of sets of PII data at a first one of the 2specified websites establishes the priority ranking for the other websites represented by URLs 3detected at the first one of the specified website (please see rejection of claim 4), but fail to disclose such that the other websites represented by 4URLs detected at the first one of the specified website are accessed before other websites 5represented by URLs detected at specified websites having a lower number of sets of PII data
Khanna teaches such that the other websites represented by 4URLs detected at the first one of the specified website are accessed before other websites 5represented by URLs detected at specified websites having a lower number of sets of PII data (Fig.2, para 37,  the hostname contains a match for the regular expression “update” for one of the tests in the set 225, and thus is scored 1 point (the weighting associated with that test). Similarly, the URL path “/merchantlll.com/update.aspx” in this example matches the regular expressions for two tests in set 235, based on having the domain name in the URL path and the term “update” in it, and thus gets awarded 1.5 and 1 point respectively, and that the fraud assessment threshold would thus likely be correspondingly higher (or the associated weights with each test would be corresponding lower). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Khanna with that of Stiansen in order to detect and inhibit attempts to fraudulently obtain access to information from one or more Web sites or other electronic information services.

Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 5.

9 is rejected under 35U.S.C 103 as being unpatentable over Tommy Stiansen (US 20160044054), in view of  Noah Kindler (US 20130238600), and further in view Steven Stevens (US 20080147554), hereinafter Stevens.

	Regarding claim 9:
	Stiansen and Kindler disclose to detect 2portions within the within the extracted data that resembles one or more sets of PII (please see claim 1), but fail to disclose 4encrypt each of the detected portions according to an encryption applied to data within 5the database of disassociated compromised PII data; and  6compare each of the encrypted portions to compromised data within the database to 7determine the match.
	However, Stevens teaches portion of PII are extracted to form an anonymous linking code and the extracted portions of PII are encrypted, the extraction and encryption module 116 extracts predetermined portions of PII from the electronic healthcare data and encrypts those extracted portions (Stevens, par-32). It would have obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Stevens with that of Stiansen in order to protect healthcare data, purging the data of patient identifiable information (Stevens, para 2).

10.	Claim 10 is rejected under 35U.S.C 103 as being unpatentable over Tommy Stiansen (US 20160044054), in view of  Noah Kindler (US 20130238600), and further in view of Steven Stevens (US 20080147554), hereinafter Stevens and Carey Nachenberg (US 8019689), hereinafter Nachenberg.

	Regarding claim 10:
	Stiansen and Kindler disclose wherein the instructions that cause the processor to 2selectively assign the risk score include instructions that, when executed (please see rejection of claim 1), but fail to disclose cause the processor to 3increase a risk score for a piece of disassociated data within the database of disassociated compromised PII data in response to determining the match.
	However, Nachenberg teaches (column 8, [lines 22-24], the site’s reputation score increases over time as it receives more PII submissions). It would have obvious to someone skilled in the art before the .

11.	Claim 11 is  rejected under 35U.S.C 103 as being unpatentable over Tommy Stiansen (US 20160044054), in view of  Noah Kindler (US 20130238600), and further in view of Steven Lappenbusch (US 20160012561), hereinafter Lappenbusch.
	
	Regarding claim 11:
	Stiansen,  Kindler and Lappenbusch disclose wherein the compromised PII 2data stored at the database comprises disassociated compromised PII, including PII data that are 3disassociated from one another such that PII data of a particular individual cannot be 4reassembled from the data in the database, and wherein the instructions that cause the processor 5to selectively assign the risk score include instructions that, when executed, cause the processor 6to assign a risk score to each piece of disassociated data within the database associated with a 7particular data breach event in response to determining multiple matches between the detected 8portions and the disassociated data a comparison of the PII with the plurality of independent information to determine zero or more indicators of fraud, embodiments of the technology may compare the PII information with the plurality of independent information to determine dependent-related (Lappenbusch, par-71), the input data may be scored to indicate the probability that it corresponds to a real identity, if the input data score to have a sufficiently high probability that it corresponds to a real identity, the process may disambiguate the data (Lappenbusch, par-42 &43). It would have obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching Lappenbusch with that of Stiansen in order to detectidentity theft associated with a dependent (Lappenbusch, par-2).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556.  The examiner can normally be reached Nickerson Jeffrey L  can be reached on (469) 295-9235.  
 The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/THANH H LE/Examiner, Art Unit 2432            


/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436