DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendments filed on May 9, 2022 have been entered.
Claims 1-9 and 11-21 are allowed.

           Response to Arguments
Applicant’s arguments filed on May 9, 2022 have been fully considered and are persuasive.  

This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, the substance of applicant’s remarks, pages 11-14, filed May 9, 2022 are persuasive and the proposed amendment below, as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14). 

Examiner’s amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Attorney Joseph B. Ryan, Registration No. 37,922. 
The application is amended as follows:



Claim 1. An apparatus comprising: 
at least one processing device comprising a processor coupled to a memory; 
said at least one processing device being configured: 
to receive sensor data from one or more nodes of a node network; 
to compute first and second predicate data based at least in part on the received sensor data; 
to transmit at least a first portion of the received sensor data and the first computed predicate data to a first one of a set of two or more third party applications associated with the node network; 
to transmit at least a second portion of the received sensor data and the second computed predicate data to a second one of the set of two or more third party applications; 
to receive additional data from at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications responsive to at least one of the transmitted first and second portions of the received sensor data and at least one of the first and second computed predicate data; 
to generate a control signal based at least in part on the received sensor data, at least one of the first and second computed predicate data, and the received additional data from said at least one of the first one of the set of the two or more third party applications and the second one of the set of two or more third party applications; and 
to transmit the control signal to at least one of the nodes of the node network;
wherein the first and second computed predicate data are associated with respective first and second pseudonyms configured to prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from combining the first and second portions of the sensor data to obtain designated information that a user has not permitted the first one of the set of two or more third party applications and the second one of the set of two or more third party applications to access; 
wherein said at least one processing device is further configured: 
to assign, based at least in part on whether the first one of the set of two or more third party applications exhibits at least a threshold level of commonality with one or more other 21815-5 ones of the set of two or more third party applications associated with the node network, a first set of one or more classes of capabilities to the first one of the set of two or more third party applications; 
to assign, based at least in part on whether the second one of the set of two or more third party applications exhibits at least the threshold level of commonality with one or more other ones of the set of two or more third party applications associated with the node network, a second set of one or more classes of capabilities to the second one of the set of two or more third party applications, the second set of one or more classes of capabilities being different than the first set of one or more classes of capabilities; 
to select the first and second pseudonyms based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; and 
to control a relative timing of (i) the transmission of the computed first predicate data to the first one of the set of two or more third party applications and (ii) the transmission of the computed second predicate data to the second one of the set of two or more third party applications based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; and 
wherein the first and second pseudonyms each comprise one of a first type of pseudonym that is the same for two or more sessions and a second type of pseudonym that is unique to a given one of the two or more sessions. 
 
Claim 2. The apparatus of claim 1 wherein said at least one processing device comprises one or more servers coupled to the node network. 
 
Claim 3. The apparatus of claim 1 wherein said at least one processing device implements a central authority of the trusted party responsible for configuration and management of the node network. 
 
Claim 4. The apparatus of claim 3 wherein at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications executes in a trusted processing environment that is under a control of the trusted party.  

Claim 5. The apparatus of claim 3 wherein at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications executes in a non-trusted processing environment that is not under a control of the trusted party.  

Claim 6. The apparatus of claim 1 wherein at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications comprises one or more software programs of a third party service provider.  

Claim 7. The apparatus of claim 1 wherein the node network comprises a sensor network that includes a set of sensor devices with at least one of the sensor devices being configured to generate the sensor data. 
 
Claim 8. The apparatus of claim 7 wherein the sensor network is deployed in at least one of an interior space and an exterior space of a building or other structure.  

Claim 9. The apparatus of claim 1 wherein computing the first and second predicate data based at least in part on the received sensor data comprises computing the first and second predicate data in accordance with one or more user-specified policies relating to access by the first one of the set of two or more third party applications and the second one of the set of two or more third party applications to information including or derived from the sensor data.  

Claim 10. (Previously canceled) 41815-5  

Claim 11. The apparatus of claim 1 wherein computing the first and second predicate data based at least in part on the received sensor data comprises associating the first and second computed predicate data with the first and second pseudonyms that prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from determining an identifier of a source of the corresponding sensor data.  

Claim 12. The apparatus of claim 1 wherein computing the first and second predicate data based at least in part on the received sensor data further comprises computing the first and second predicate data in accordance with one or more compliance policies.  

Claim 13. The apparatus of claim 1 wherein computing the first and second predicate data based at least in part on the received sensor data comprises computing, from received sensor data that includes one or more explicit identifiers, anonymized predicate data that does not include the one or more explicit identifiers. 
 
Claim 14. The apparatus of claim 13 wherein the anonymized predicate data is indicative of at least one of an activity associated with a user within an area in which the sensor data was collected, and a classification of the user within the area.  

Claim 15. (Currently amended) A method comprising: 
receiving sensor data from one or more nodes of a node network; 
computing first and second predicate data based at least in part on the received sensor data; 
transmitting at least a first portion of the received sensor data and the first computed predicate data to a first one of  a set of two or more third party applications associated with the node network; 
transmitting at least a second portion of the received sensor data and the second computed predicate data to a second one of the set of two or more third party applications; 51815-5 
receiving additional data from at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications responsive to at least one of the transmitted first and second portions of the received sensor data and at least one of the first and second computed predicate data; 
generating a control signal based at least in part on the received sensor data, at least one of the first and second computed predicate data, and the received additional data from said at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications; and 
transmitting the control signal to at least one of the nodes of the node network; 
wherein the first and second computed predicate data are associated with respective first and second pseudonyms configured to prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from combining the first and second portions of the sensor data to obtain designated information that a user has not permitted the first one of the set of two or more third party applications and the second one of the set of two or more third party applications to access; 
wherein the method further comprises: 
assigning, based at least in part on whether the first one of the set of two or more third party applications exhibits at least a threshold level of commonality with one or more other ones of the set of two or more third party applications associated with the node network, a first set of one or more classes of capabilities to the first one of the set of two or more third party applications; 
assigning, based at least in part on whether the second one of the set of two or more third party applications exhibits at least the threshold level of commonality with one or more other ones of the set of two or more third party applications associated with the node network, a second set of one or more classes of capabilities to the second one of the set of two or more third party applications, the second set of one or more classes of capabilities being different than the first set of one or more classes of capabilities; 
selecting the first and second pseudonyms based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party 61815-5 applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; and 
controlling a relative timing of (i) the transmission of the computed first predicate data to the first one of the set of two or more third party applications and (ii) the transmission of the computed second predicate data to the second one of the set of two or more third party applications based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; 
wherein the first and second pseudonyms each comprise one of a first type of pseudonym that is the same for two or more sessions and a second type of pseudonym that is unique to a given one of the two or more sessions; and 
wherein the method is performed by at least one processing device comprising a processor coupled to a memory.  

Claim 16. The method of claim 15 wherein computing the first and second predicate data based at least in part on the received sensor data comprises computing the first and second predicate data in accordance with one or more user-specified policies relating to access by the first one of the set of two or more third party applications and the second one of the set of two or more third party applications to information including or derived from the sensor data.  

Claim 17. The method of claim 15 wherein computing the first and second predicate data based at least in part on the received sensor data comprises associating the first and second computed predicate data with the first and second pseudonyms that prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from determining an identifier of a source of the corresponding sensor data.  

Claim 18. (Currently amended) A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software 71815-5programs, wherein the program code when executed by at least one processing device causes said at least one processing device: 
to receive sensor data from one or more nodes of a node network; 
to compute first and second predicate data based at least in part on the received sensor data; 
to transmit at least a first portion of the received sensor data and the first computed predicate data to a first one of  a set of two or more third party applications associated with the node network; 
to transmit at least a second portion of the received sensor data and the second computed predicate data to a second one of the set of two or more third party applications; 
to receive additional data from at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications responsive to at least one of the transmitted first and second portions of the received sensor data and at least one of the first and second computed predicate data; 
to generate a control signal based at least in part on the received sensor data, at least one of the first and second computed predicate data, and the received additional data from said at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications; and 
to transmit the control signal to at least one of the nodes of the node network; 
wherein the first and second computed predicate data are associated with respective first and second pseudonyms configured to prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from combining the first and second portions of the sensor data to obtain designated information regarding that a user has not permitted the first one of the set of two or more third party applications and the second one of the set of two or more third party applications; 
wherein the program code when executed further causes said at least one processing device:
to assign, based at least in part on whether the first one of the set of two or more third party applications exhibits at least a threshold level of commonality with one or more other ones of the set of two or more third party applications associated with the node network, a first set of one or more classes of capabilities to the first one of the set of two or more third party applications; 81815-5 
to assign, based at least in part on whether the second one of the set of two or more third party applications exhibits at least the threshold level of commonality with one or more other ones of the set of two or more third party applications associated with the node network, a second set of one or more classes of capabilities to the second one of the set of two or more third party applications, the second set of one or more classes of capabilities being different than the first set of one or more classes of capabilities; 
to select the first and second pseudonyms based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; and 
to control a relative timing of (i) the transmission of the computed first predicate data to the first one of the set of two or more third party applications and (ii) the transmission of the computed second predicate data to the second one of the set of two or more third party applications based at least in part on the first set of one or more classes of capabilities assigned to the first one of the set of two or more third party applications and the second set of one or more classes of capabilities assigned to the second one of the set of two or more third party applications; and 
wherein the first and second pseudonyms each comprise one of a first type of pseudonym that is the same for two or more sessions and a second type of pseudonym that is unique to a given one of the two or more sessions.  

Claim 19. The computer program product of claim 18 wherein computing the first and second predicate data based at least in part on the received sensor data comprises computing the first and second predicate data in accordance with one or more user- specified policies relating to access by the first one of the set of two or more third party applications and the second one of the set of two or more third party applications to information including or derived from the sensor data.  

Claim 20. The computer program product of claim 18 computing the first and second predicate data based at least in part on the received sensor data comprises 91815-5 associating the first and second computed predicate data with the first and second pseudonyms that prevent the first one of the set of two or more third party applications and the second one of the set of two or more third party applications from determining an identifier of a source of the corresponding sensor data.  


Claim 21. The apparatus of claim 1 wherein said at least one processing device is further configured: 
to identify a security risk associated with operation of the first one of the set of two or more third party applications in combination with the second one of the set of two or more third party applications, the identified security risk being based on a determination that at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications do not share at least the threshold level of commonality with a plurality of third party applications to which respective portions of the received sensor data are transmitted; and 
to modify at least one of the first and second portions of the received sensor data transmitted to at least one of the first one of the set of two or more third party applications and the second one of the set of two or more third party applications responsive to identifying the security risk.


















Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDELBASST TALIOUA whose telephone number is (571)272-4061.  The examiner can normally be reached on Monday-Thursday 7:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/A.T./Examiner, Art Unit 2442[AltContent: rect]
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442