Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Michael Fainberg (Registration No. 50,441) on 05/23/2022.
Please amend the Claims as follows:
1.	(Currently Amended) A computer-implemented method for anonymously collecting malware-related data from client devices, the method comprising:
	receiving, by a network node, a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority;
	transforming, by the network node, the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure containing the anonymized identifier and the encrypted data to a server, wherein the anonymized identifier includes an encrypted identifier of the client device; 
	receiving, by the server, the transformed first data structure from the network node;
	receiving, by the server, a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device; and
	combining, by the server, the transformed first data structure with the second data structure and storing the combined data structure at the server, whereby the server cannot access and/or view (i) the identifier of the client device and (ii) the identifier of the user of the client device and/or personal data of the user stored in the combined data structure.

2.	(Cancelled)

7.	(Currently Amended) A system for anonymously collecting malware-related data from client devices, the system comprising:
	a first network node having hardware processor configured to:
		receive a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority;
		transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure containing the anonymized identifier and the encrypted data to a server, wherein the anonymized identifier includes an encrypted identifier of the client device; and
	a server having hardware processor configured to:
		receive the transformed first data structure from the network node;
		receive a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device; and
		combine the transformed first data structure with the second data structure and store the combined data structure at the server, whereby the server cannot access and/or view (i) the identifier of the client device and (ii) the identifier of the user of the client device and/or personal data of the user stored in the combined data structure.

8.	(Cancelled)

13.	(Currently Amended) A non-transitory computer readable medium comprising computer executable instructions for anonymously collecting malware-related data from client devices, including instructions for:
	receiving, by a network node, a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority;
	transforming, by the network node, the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure containing the anonymized identifier and the encrypted data to a server, wherein the anonymized identifier includes an encrypted identifier of the client device; 
	receiving, by the server, the transformed first data structure from the network node;
	receiving, by the server, a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device; and
	combining, by the server, the transformed first data structure with the second data structure and storing the combined data structure at the server, whereby the server cannot access and/or view (i) the identifier of the client device and (ii) the identifier of the user of the client device and/or personal data of the user stored in the combined data structure.

14.	(Cancelled)
 
Allowable Subject Matter
Claims 1, 3-7, 9-13, and 15-18 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well as arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record. First, Applicant’s arguments with respect to traversing the prior art of record are persuasive. In addition, based on an updated search and further consideration, the Examiner finds that the claimed invention is patentably distinct based on the following additional rationale.
  teaches a computer-implemented method for anonymously collecting malware-related data from client devices, the method comprising: receiving, a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device.   
  teaches wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, transforming, by the network node, the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure; whereby the server cannot access or view the identifier of the client device.  
 LaFever et al. (US Pre-Grant Publication No. 20190332807, hereinafter LaFever) teaches receiving, by the server, the transformed first data structure from the network node; combining, by the server, the transformed first data structure with the second data structure.
The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention, within the context of the claimed invention as a whole, as recited in Claims 1, 7, and 13.
Although Chiang discloses a computer-implemented method for anonymously collecting malware-related data from client devices, the method comprising: receiving, a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device, Chiang does not disclose a computer-implemented method for anonymously collecting malware-related data from client devices comprising: receiving, by a network node, a first data structure from a client device, wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority; transforming, by the network node, the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure containing the anonymized identifier and the encrypted data to a server, wherein the anonymized identifier includes an encrypted identifier of the client device; receiving, by the server, the transformed first data structure from the network node; receiving, by the server, a second data structure from the client device, wherein the second data structure contains malware-related data obtained on the client device; and  combining, by the server, the transformed first data structure with the second data structure and storing the combined data structure at the server, whereby the server cannot access or view (i) the identifier of the client device and (ii) the identifier of the user of the client device or personal data of the user stored in the combined data structure.  
Furthermore, the Examiner notes prior art teachings, such as Irvine, which teaches wherein the first data structure contain an identifier of the client device and an encrypted data that includes an identifier of a user of the client device or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, transforming, by the network node, the received first data structure by replacing the identifier of the client device with an anonymized identifier, and transmitting the transformed first data structure; whereby the server cannot access or view the identifier of the client device; and LaFever, which teaches receiving, by the server, the transformed first data structure from the network node; combining, by the server, the transformed first data structure with the second data structure.  However, the Examiner notes that the prior art does not properly disclose that the public key was provided to the client device by an independent certification authority; transmitting the transformed first data structure containing the anonymized identifier and the encrypted data to a server wherein the anonymized identifier includes an encrypted identifier of the client device; storing the combined data structure at the server; and the server cannot access the identifier of the user of the client device or personal data of the user stored in the combined data structure.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious the claimed invention as a whole, without the usage of impermissible hindsight reasoning.
Claims 3-6, 9-12, and 15-18 are allowable based at least on their depending from an allowable claim.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571) 270-3283. The examiner can normally be reached Flexible, M-F 7:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAMID TALAMINAEI/Examiner, Art Unit 2436

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436