DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/27/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 8-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ghetti et al. (Patent No.: US 9,608,810, hereinafter Ghetti) in view of SHADMON et al. (Pub. No.: US 2019/0158594, hereinafter SHADMON).
Regarding claim 1: Ghetti discloses A method, comprising:
providing, by a telemetry server, a query request to one or more telemetry clients, wherein the provided query request comprises a query and one or more encrypted payloads over which the query (Ghetti - [Col. 43, Line 43-47]: Fig. 7: the client module encrypts the identity information generated in step 703 along with the client module's public key generated at step 704 (e.g., the identify information and public key together comprise the enrollment package). [Col. 43, Line 53-55]: At step 705, in various embodiments, the client prepares an enrollment query to send to the cloud-based security platform 300);
obtaining a query result from one or more of the telemetry clients, wherein at least one telemetry client (a) decrypts the one or more encrypted payloads using at least one decryption key (Ghetti - [Col. 61, Line 64-67]: At step 1613, the enrollment service 201, in one embodiment, attempts to decrypt the payload of the request using its private key. As discussed in connection with FIGS. 7 and 8, the client module 104A and 104B encrypts portions of its request with the enrollment service's public key), (b) processes the query request using the one or more decrypted payloads (Ghetti - [Col. 62, Line 21-27]: At step 1615, the enrollment service 201 extracts the user's authentication information and VBE token from the identity information decrypted at step 1613. At step 1616, the enrollment service 201 generally verifies that the user identity and authentication information, as well as the VBE token, match the values that were previously stored at step 1609. [Col. 62, Line 46-52]: The enrollment service 201 generally encrypts this symmetric key using the public session key for the client device included in its request and decrypted at step 1613. Also included in the enrollment service's response are a user ID for the user requesting enrollment, a tenant-specific device ID, and the public session key for the client manager 301), and (c) provides the query result to the telemetry server (Ghetti - [Col. 62, Line 52-53]: This response is returned to the cloud-based security platform 300. []: At step 1416, the cloud-based security platform encrypts the symmetric key generated in step 1414 using the session public key of the client module … In step 1417, these three pieces of data encrypted with the client module's session public key are returned in a response to the client device); 
wherein the method is performed by at least one processing device comprising a processor coupled to a memory (Ghetti - [Col. 64, Line 3-6]: a computing device including a processing unit, a system memory, and a system bus that couples various system components including the system memory to the processing unit)

aggregating the query results obtained from the one or more telemetry clients (SHADMON - [0183]: The process on the contractors' nodes is such that each contractor receives a query and the query is executed independently on each of the contractor's nodes and the results are returned to the query node that aggregates the results).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ghetti with SHADMON so that the returned results are aggregated. The modification would have allowed the system to aggregate the query results and provide a unified result to the client server (SHADMON - [0047]).
Regarding claim 2: Ghetti as modified discloses wherein the aggregated query results (SHADMON - [0183]: the results are returned to the query node that aggregates the results) are stored in a query store that is encrypted by the telemetry server (Ghetti - [Col. 48, Line 38-41]: at step 1009 in one embodiment, the FAFSS client module saves the encrypted output 117 locally in a database or memory in the user's (sender's) computing device).
The reason to combine is based on similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 3: Ghetti as modified discloses further comprising providing the aggregated query results to one or more vendors (SHADMON - [0078]: The coordinator then aggregates results and sends them to the client).
The reason to combine is based on similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 4: Ghetti as modified discloses wherein the at least one decryption key is obtained using a key identifier stored with the one or more encrypted payloads (Ghetti - [Col. 49, Line 23-37]: at step 1212, the FAFSS client module builds a query (comprising the key tag 112, along with information identifying the client module running in the recipient's electronic computing device) with an accompanying request for decryption. … the key tag is the identifier that uniquely relates to the encryption CBK 111, details of the respective application program, and various other attributes, and allows the FAFSS 100 to identify the appropriate key necessary to decrypt the relevant data item).
Regarding claim 5: Ghetti as modified discloses wherein the at least one telemetry client one or more of (i) validates the one or more decrypted payloads using one or more signatures within the one or more decrypted payloads (Ghetti - [Col. 51, Line 15-19]: at step 1614, the enrollment service 201 uses the client module's session public key to verify the wrapped payload's signature), (ii) evaluates a query type of the query to determine whether the at least one telemetry client opted in to the query type being executed.
Regarding claim 8: Ghetti as modified discloses wherein the query is processed using client-side resources or server-side resources based on a data type of at least a portion of the one or more encrypted payloads (Ghetti - [Col. 51, Line 15-19]: the cloud-based security platform 300 distinguishes the type of query from the client based on the calls made to a Representational State Transfer (“ReSTful”) Application Programming Interface (“API”) exposed by the cloud-based security platform 300 for client modules).
Regarding claims 9-13: Claims are directed to computer readable medium claims and do not teach or further define over the limitations recited in claims 1-5. Therefore, claims 9-12 are also rejected for similar reasons set forth in claims 1-5. 
Regarding claims 15-19: Claims are directed to apparatus claims and do not teach or further define over the limitations recited in claims 1-5. Therefore, claims 15-18 are also rejected for similar reasons set forth in claims 1-5. 

Claims 5, 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ghetti et al. (Patent No.: US 9,608,810, hereinafter Ghetti) in view of SHADMON et al. (Pub. No.: US 2019/0158594, hereinafter SHADMON) and Varga et al. (Pub. No.: US 2020/0302564, hereinafter Varga).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ghetti and SHADMON with Varga so that the data gathering is based on the user opt-in. The modification would have allowed the system to protect user’s privacy.

Claims 6, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ghetti et al. (Patent No.: US 9,608,810, hereinafter Ghetti) in view of SHADMON et al. (Pub. No.: US 2019/0158594, hereinafter SHADMON) and Dove et al. (Pub. No.: US 2012/0254320, hereinafter Dove).
Regarding claims 6, 14 and 20: Ghetti as modified doesn’t explicitly teach but Dove discloses wherein the at least one telemetry client anonymizes the query results to remove predefined sensitive information (Dove - [0074]: The obfuscation module 408 removes or otherwise obscures sensitive information within the search results. The obfuscation process makes it impossible or unlikely that a recipient can discover the sensitive information).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ghetti and SHADMON with Dove so that the sensitive information is removed for enhanced data security. 

Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ghetti et al. (Patent No.: US 9,608,810, hereinafter Ghetti) in view of SHADMON et al. (Pub. No.: US 2019/0158594, hereinafter SHADMON) and Baskerville et al. (Pub. No.: US 2008/0133531, hereinafter Baskerville).
Regarding claims 7, 14 and 20: Ghetti as modified doesn’t explicitly teach but Baskerville discloses wherein the telemetry server anonymizes the query results to remove predefined source-specific information (Baskerville - [0050]: the TQN coordinator 108 calculates the correct result by removing obfuscation data).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Ghetti and SHADMON with Baskerville so that the original obfuscation data is removed. The modification would have allowed the system to anonymously share aggregated security assessment results.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Liao et al. (Patent No.: US 10,803,197) - Masking sensitive information in records of filtered accesses to unstructured data
Khoo et al. (Pub. No.: US 2016/0246996) - Systems And Methods For Bulk Redaction Of Recorded Data
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437