DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1, 3-5, 8-17 and 19-21 are pending in this application.
Claims 1, 20 and 21 are currently amended.
Claims 2, 6-7 and 18 are cancelled.
No new IDS was submitted.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/30/22 has been entered.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 15 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
	Claim 15 recites “a small number of tenants” in line 1. The limitation “small” is a relative term. It is unclear how small is considered small. Applicant’s specification did not define the term “small number of tenants”.
	Appropriate clarification is required.

 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3-5, 8-12, 16-17 and 19-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jones et al. (Pub. No.: US 2018/0285596 A1) (hereinafter, “Jones”).

	As to claim 1, Jones discloses a system for secure commingling of tenant isolated data, comprising:
	a commingling storage unit (Fig. 1, item 150; Fig. 2, item 150; “Referring back to FIG. 2, the data store 150 is configured to store the modified data 142 in a manner that allows a management platform (e.g., the management platform 120 of FIG. 1) to locate metric data associated with particular network entities.” –e.g., see, [0025]);
	an interface configured to: receive an indication of tenant data to be commingled (“The collector module 140 is configured to handle the registration of the agents 112 with the management platform 120, receive collected data 114 from the agents 112, analyze the collected data 114, identify sensitive information in the data 114, extract the sensitive information, and store the data in either the data store 150 or sensitive data store 170.” –e.g. see, [0017]; herein receiving data to be stored in a central database is equivalent to receiving an indication of the data to be commingled (i.e. to be stored with other data in a database); wherein the data needs to analyzed and process before storing); and 
	a processor configured to: determine one or more instance of sensitive data included in the tenant data (“In some aspects, the collector module 140 may determine whether sensitive information is contained in the data 114 by using an algorithm. The algorithm may be configured to read the data 114, identify characters that signify identity information of the client or network entity 110, and remove the sensitive information from the data 114. By way of another example, the algorithm may utilize a list of attribute names (e.g., IPAddress, CustomerID, DestinationName, DestinationID, Topology, User) that are determined to contain or likely contain sensitive information.” –e.g. see, [0017]; herein, collector module 140 determines instance of sensitive data by analyzing the data 114), comprising to:
select an instance of data included in the tenant data from a category that is not marked as sensitive data (“In some aspects, the collector module 140 may determine whether sensitive information is contained in the data 114 by using an algorithm. The algorithm may be configured to read the data 114, identify characters that signify identity information of the client or network entity 110, and remove the sensitive information from the data 114. By way of another example, the algorithm may utilize a list of attribute names (e.g., IPAddress, CustomerID, DestinationName, DestinationID, Topology, User) that are determined to contain or likely contain sensitive information.” –e.g. see, [0017]; herein, data 114 which contains collected data from plurality of network entities are selected as instances of data to process and mark sensitive data. The selection of data 114 is not yet marked as sensitive until the data is processed to mark the instances of data as sensitive; see also: “Referring back to FIG. 1, the collector module 140 may be further configured to replace the sensitive information in the collected data 114 with one or more identifiers thereby creating modified data 142. The modified data 142 may include metric data that comprises events, logs, metrics, transactions, alerts, entity performance, time-based data, CPU usage, memory usage or other telemetry records. The modified data 142 created by the collector module 140 may be routed by the collector module 140 to the data store 150 for storage.” –e.g. see, [0024]); and 
determine whether to mark the instance of data as sensitive data, wherein the instance of data is marked as sensitive data in response to a determination that the instance of data does not consist of measure data (Referring back to FIG. 1, the collector module 140 may be further configured to replace the sensitive information in the collected data 114 with one or more identifiers thereby creating modified data 142. The modified data 142 may include metric data that comprises events, logs, metrics, transactions, alerts, entity performance, time-based data, CPU usage, memory usage or other telemetry records. The modified data 142 created by the collector module 140 may be routed by the collector module 140 to the data store 150 for storage.” –e.g. see, [0024]; herein, one or more instances of the collection of data is marked as sensitive and removed from the collection of data (i.e. from data 114) by replacing with one or more identifiers which resulted as modified data 142; herein, modified data is equivalent to non-sensitive data; modified data includes metric data wherein “metric data” are “numbers”, the sorts of numbers we collect when we measure something. How much CPU is used or memory usage are example of metric data that were included as part of Jones’ modified data meaning these metric data are marked as non-sensitive and transferred to the data storage after removing sensitive data instances from the collection of data; Thus, it’s reasonable to conclude that metric data is equivalent to the measure data which was determined as non-sensitive since these data didn’t require to be replaced with identifiers before sending these non-sensitive data as the modified data 142 to the storage 150);
	transfer instances of data included in the tenant data to the commingling storage unit that are not marked as sensitive data (“Referring back to FIG. 1, the collector module 140 may be further configured to replace the sensitive information in the collected data 114 with one or more identifiers thereby creating modified data 142. The modified data 142 may include metric data that comprises events, logs, metrics, transactions, alerts, entity performance, time-based data, CPU usage, memory usage or other telemetry records. The modified data 142 created by the collector module 140 may be routed by the collector module 140 to the data store 150 for storage.” –e.g. see, [0024]; herein, sensitive data are replaced with identifiers and routed (i.e. transferred) only the data that are not marked as sensitive; see also, Fig. 2, Fig. 3, [0017], [0026], [0028]).

As to claims 20 and 21, these are rejected using the similar rationale as for the rejection of claim 1.

As to claim 3, Jones discloses further comprising a tenant data storage unit of a plurality of tenant data storage units (Each agent 112A-C may be installed on a respective network entity 110A-C and configured to transmit data to and receive data from (e.g., network entity information, application information, performance information, event information) the network management platform 120 via the collector module 140.”-e.g. see, [0016]). 

As to claim 4, Jones discloses wherein the tenant data is received from the tenant data storage unit of the plurality of tenant data storage units (Each agent 112A-C may be installed on a respective network entity 110A-C and configured to transmit data to and receive data from (e.g., network entity information, application information, performance information, event information) the network management platform 120 via the collector module 140.”-e.g. see, [0016]). 

As to claim 5, Jones discloses wherein the tenant data is transferred automatically in the event that the tenant data on the tenant data storage unit is updated, modified, added to, and/or deleted from (“At operation 310, the system may collect data that represents performance information or records of network entities in the network. The records may be created or updated based on the data received from a network entity or user interface. The data may include various attributes of certain network entities.” –e.g. see, [0032], see also, Fig. 3). 

As to claim 8, Jones discloses wherein the tenant data stored on the commingling storage unit is used for a service (“Referring back to FIG. 2, the data store 150 is configured to store the modified data 142 in a manner that allows a management platform (e.g., the management platform 120 of FIG. 1) to locate metric data associated with particular network entities. For example, data store 150 may contain a multitude of entries, with each entry including the identifier 212 and metric data 218. Each record in the data store 150 includes metric data 218 (e.g. events, logs, metrics, transactions, alerts, entity performance, time-based data, CPU usage, transaction bytes, transaction latency, memory usage or other telemetry records) for a particular network entity.” -e.g. see, [0025]; herein, plurality of network entities can retrieve metric data, see also, [0030]). 

As to claim 9, Jones discloses wherein the service comprises a benchmarking service (“For example, the analyzer module 160 may be configured to create native aggregation, baselines, or histograms using the modified data 142. As another example, the analyzer module 160 may be configured to correlate data from multiple network entities 110 to identify trends and may be further configured to generate alerts based on the trends. In one aspect, because the sensitive information 144 is removed from the collected data 114, analysis of the modified data 142 stored in the data store 150 may be performed more efficiently due to not only the reduced size of the data stored in the data store 150, but also due to analysis and querying of data not requiring encryption and decryption, as encrypted data cannot be queried or searched.” -e.g. see, [0028]). 

As to claim 10, Jones discloses wherein the one or more instances of sensitive data are not transferred in order that the tenant data is deidentified (“Referring back to FIG. 1, the collector module 140 may be further configured to replace the sensitive information in the collected data 114 with one or more identifiers thereby creating modified data 142. The modified data 142 may include metric data that comprises events, logs, metrics, transactions, alerts, entity performance, time-based data, CPU usage, memory usage or other telemetry records. The modified data 142 created by the collector module 140 may be routed by the collector module 140 to the data store 150 for storage” -e.g. see, [0024]). 

As to claim 11, Jones discloses wherein the processor is further configured to: perform functions on the tenant data stored in the commingling storage unit to produce reports comprising report data (“Referring back to FIG. 1, the data store 150 may also include historical performance data associated with the network entities or metrics calculated based on historical data. The modified data 142 may be queried, analyzed, or further processed by an analyzer module 160 to yield a result. The result may comprise performance metrics relating to the network entities 110 that is created using the modified data 142.” -e.g. see, [0028]; see also, [0029], [0030]).

As to claim 12, Jones discloses wherein functions comprise operations, calculations, and/or searches ([0027]; herein the metric data 218 may be searched using one or more types of metric data 218 stored in the data store 150; [0028]; herein, Jones teaches querying the database to yield a result). 

As to claim 16, Jones discloses wherein the processor is further configured to determine a set of tenants associated with the tenant data stored on the commingling storage unit ([0024], [0028], [0030]; herein, multiple network entities store data to the data store for storage of metric data associated with each entity). 

As to claim 17, Jones discloses wherein the instance of data comprises personally identifiable information (Fig. 2, item 170; [0024], [0028]). 

As to claim 19, Jones discloses wherein the tenant data is selected for transfer according to analytics-based granularity (“In some aspects, the collector module 140 may determine whether sensitive information is contained in the data 114 by using an algorithm. The algorithm may be configured to read the data 114, identify characters that signify identity information of the client or network entity 110, and remove the sensitive information from the data 114.” –e.g. see, [0017], see also, [0024], [0028]). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Jones in view of Al-Kabra et al. (US 2019/0058991 A1) (hereinafter, “Al-Kabra”).

As to claim 13, Jones doesn’t explicitly disclose wherein the processor is further configured to: monitor reports to block reporting of report data that could be linked to one or more tenants.
However, in an analogous art, Al-Kabra discloses wherein the processor is further configured to: monitor reports to block reporting of report data that could be linked to one or more tenants (Al-Kabra: “The network cell anonymity filtering removes data pertaining to subscriber communications that are handled by one or more network cells in a geographical region during a designated time period from the communication record table, when the number of unique subscribers that are handled by each of the one or more network cells in the time period is less than a predetermined threshold number (e.g., 25 unique subscribers). The predetermined threshold number is designed to ensure there is sufficient noise in the communication records of subscribers that are associated with a network cell to protect subscriber privacy. For example, if a network cell only handled communications for user devices of 10 unique subscribers during a day when the threshold is 25 unique subscribers, then communication records pertaining to the communication services received by the user devices of these 10 unique subscribers are purged from the communication record table. In this way, the identities of the unique subscribers cannot be deduced by extrapolating subscriber behavior based on communication records of subscribers across multiple network cells.” –e.g. see, Al-Kabra: [0026]; herein, a number of subscribers are determined from a report data and when the determined number is less than a certain threshold number, then the subscribers (i.e. tenants) are purged from the record). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Jones with the teaching of Al-Kabra to include wherein the processor is further configured to: monitor reports to block reporting of report data that could be linked to one or more tenants in order to prevent identifying identities of the unique subscribers. Thus, identities of unique subscribers cannot be exposed by observing subscriber behavior based on communication records of subscribers across multiple network as taught by Al-Kabra (Al-Kabra: [0026]).

As to claim 14, the combination of Jones and Al-Kabra disclose wherein the report data is identifiable as being associated with a single tenant (“In one aspect, the result created by the analyzer module 160 may include the identifier associated with a particular network entity 110.” -e.g. see, Jones: [0029]; see also, Al-Kabra: [0026]). 

As to claim 15, Jones discloses wherein report data is associated with a small number of tenants such that an inference about the tenant data can be made (Jones: “Referring back to FIG. 1, the data store 150 may also include historical performance data associated with the network entities or metrics calculated based on historical data. The modified data 142 may be queried, analyzed, or further processed by an analyzer module 160 to yield a result. The result may comprise performance metrics relating to the network entities 110 that is created using the modified data 142. For example, the analyzer module 160 may be configured to create native aggregation, baselines, or histograms using the modified data 142. As another example, the analyzer module 160 may be configured to correlate data from multiple network entities 110 to identify trends and may be further configured to generate alerts based on the trends.” -e.g. see, Jones: [0028]). 

Response to Arguments
Applicant’s arguments with respect to claims 1, 20 and 21 have been considered but are moot because the new ground of rejection does not rely on Leung (US 2018/0330118 A1) reference that applied in the prior rejection of record for teaching or matter specifically challenged in the argument.

Applicant argued regarding claims 1, 20 and 21 on pages 7-8 of the remark that: “As discussed during the interview, the applied references fail to teach or render obvious "determine one or more instances of sensitive data included in the tenant data, comprising to: select an instance of data included in the tenant data from a category that is not marked as sensitive data; and determine whether to mark the instance of data as sensitive data, wherein the instance of data is marked as sensitive data in response to a determination that the instance of data does not consist of measure data; and transfer instances of data included in the tenant data to cation Serial No. 16/737,635Attorney Docket No. WORKP116C17 the commingling storage unit that are not marked as sensitive data" as recited in claim 1 and similarly recited in claims 20 and 21.”
In response to the Applicant’s argument, Examiner would like to point out that Examiner has withdrawn Leung reference which was cited in previous rejection and as discussed during interview, doesn’t teach the amended limitation “ … the instance of data is marked as sensitive data in response to a determination that the instance of data does not consist of measure data.” However, upon further analysis and consideration, Examiner has concluded that the primary art Jones teaches this amended limitation, please see rejection above for further clarification on how Jones reference is cited to teach the claimed limitation. It should be noted that Specification does not clearly articulate what is “measure data” and it may not be a well-known term in the art. Applicant is encouraged to provide further clarification of “measure data” by pointing to a section of the Specification which clearly explains the term “measure data” or applies the term such a way that anyone with ordinary skill in the art can understand what is considered measure data. In addition, Applicant may provide a standard dictionary definition and provide one or more published articles as samples to provide some evidence of “measure data” being well-known in the ordinary skill art and how measure data is determined. Further to clarify the above rejection, Jones teaches “metric data” as non-sensitive data (e.g. see, para. [0024]). The “metric data” are “numbers”, the sorts of numbers we collect when we measure something. How much CPU is used or memory usage are example of metric data. The metric data were included as part of Jones’ modified data meaning these metric data are marked as non-sensitive and transferred to a data storage; Thus, it’s reasonable to conclude that metric data is equivalent to the measure data which was determined as non-sensitive. It also should be noted that the amended limitation is a negative limitation and Jones clearly teaches not to mark metric data (i.e. measure data) as part of sensitive data (e.g. see, Jones: [0024], [0029], [0030]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

US 2005/0283620 A1 (Khulusi et al.)-Khulusi teaches separately storing non-sensitive personal identifiable information (NSPII) and sensitive personal identifiable information (SPII). Examples of NSPII are given as gender, height, weight, age etc.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495                                                                                                                                                                                                        

/HENRY TSANG/Primary Examiner, Art Unit 2495