DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, with respect to the graphical display of the accounts have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Biswas (US 2013/0185804 A1).

Regarding claims rejected under 35 USC 101:
	Responsive to Applicant incorporating elements considered to be significantly more than the judicial exception previously discussed, the rejection has been withdrawn.

Claim Objections
Claims 1-20 are objected to because of the following informalities:  independent claims 1, 9, and 16 each recite “update the interactive display so as provide,” which is believed to be a typographical error.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-6, 8-9, 13, 15-16, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lefebvre (US 2013/0268839 A1) in view of Saxe (US 8,925,099 B1) and Biswas (US 2013/018504 A1).

Regarding claim 1, Lefebvre discloses: A cyber-security system comprising a cyber-security account analysis system and a cyber-security privacy statement analysis system, wherein the cyber-security system includes: 
a processor; 
a memory unit storing computer-executable instructions, which when executed by the processor, cause the cyber-security account analysis system to:
Refer to a least FIG. 1 and [0034]-[0038] of Lefebvre with respect to system elements.
monitor at least one email account; 
Refer to at least [0026]-[0027], [0044], and [0049] of Lefebvre with respect to user accounts associated with the system, the user accounts including email for monitoring.
determine source information for each email correspondence in the monitored at least one email account; 
determine for each email correspondence a likelihood that each email correspondence represents an account of a consumer; 
Refer to at least [0028]-[0030], [0040], and [0042]-[0044] of Lefebvre with respect to the system accessing email accounts and automatically identifying institution accounts. 
[display the account of the consumer along with obtained information].
Refer to at least the abstract, [0049], [0055], and FIG. 9, 11, and 15 of Lefebvre with respect to a viewer interface for viewing identified information.
Lefebvre does not disclose: wherein the cyber-security privacy statement analysis system is configured to: determine privacy policies to be analyzed based on the account of the consumer; analyze privacy polices associated with the account of the consumer; generate for each analyzed privacy policy a list of data being collected about the consumer and associated purpose statements regarding use of the data being collected; provide an interactive display of the account of the consumer along with the list of data being collected and associated purpose statements regarding use of the data being collected; upon receiving a user interaction with the interactive display, update the interactive display so as provide a graphical representation of at least a portion of a digital footprint of the user based on the list of data being collected, wherein the graphical representation includes a plurality of components, each of the components representing one of the determined accounts of the consumer, and wherein each of the components is represented by a shape that corresponds to an impact, on the digital footprint, of the account of the digital footprint; recommend closing accounts associated with the consumer based on security recommendations; identify high-risk accounts based on the security recommendations; and automatically initiate an account change associated with the high-risk accounts. However, Lefebvre in view of Saxe discloses: wherein the cyber-security privacy statement analysis system is configured to: determine privacy policies to be analyzed based on the account of the consumer; 
analyze privacy polices associated with the account of the consumer; 
Refer to at least Col. 14, Ll. 42-59 of Saxe with respect to identifying privacy policies and privacy policy information of third parties having information of a user for privacy scoring.
generate for each analyzed privacy policy a list of data being collected about the consumer and associated purpose statements regarding use of the data being collected; 
Refer to at least FIG. 7 and Col. 10, Ll. 33-61 of Saxe with respect to various private data categories and their associated described usage. 
provide an interactive display of the account of the consumer along with the list of data being collected and associated purpose statements regarding use of the data being collected; and 
upon receiving a user interaction with the interactive display, update the interactive display so as provide a graphical representation of at least a portion of a digital footprint of the user based on the list of data being collected, wherein the graphical representation includes a plurality of components;
Refer to at least Col. 11, Ll. 15-28 and Col. 10, Ll. 25-30 of Saxe with respect to providing an interactive display with on-demand and/or on-access report generation.
Refer to at least FIG. 10 and Col. 12, Ll. 19-Col. 13, Ll. 45 of Saxe with respect to displaying private data categories as represented by shapes (e.g., 1010, 1012, 1016 in FIG. 10) corresponding to their score.
Refer to at least Col. 3, Ll. 27-40 of Saxe with respect to the report providing an analysis of the user’s digital footprint.
recommend closing accounts associated with the consumer based on security recommendations; identify high-risk accounts based on the security recommendations; and automatically initiate an account change associated with the high-risk accounts; 
Refer to at least Col. 10, Ll. 61-Col. 11, Ll. 9 and Col. 12, Ll. 19-Col. 13, Ll. 45  of Saxe with respect to identifying and presenting tips for the user to edit/remove information.
Lefebvre-Saxe further in view of Biswas discloses: each of the components representing one of the determined accounts of the consumer, and wherein each of the components is represented by a shape that corresponds to an impact, on the digital footprint, of the account of the digital footprint.
Refer to at least FIG. 4-5 and [0060]-[0062] of Biswas, wherein applications associated with a user device are associated with a visual representation that indicates privacy impacts on user personal information. It is noted by the examiner that, e.g., social media and banking applications are common examples of mobile applications. 
The teachings of Lefebvre relate to obtaining user account and associated institution information for GUI display. The teachings of Saxe and Biswas also relate to analysis and GUI display for privacy policy information. Thus, the teachings of Lefebvre, Saxe, and Biswas are considered to be within the same field of endeavor and combinable because they relate to identifying, analyzing, displaying, and summarizing usage of user information. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Lefebvre to additionally include privacy scoring and mitigation for third parties which have access to the user’s information (e.g., the institutions) for at least the purpose of ensuring security through data privacy (e.g., Col. 2, Ll. 20-39 of Saxe). It further would have been obvious to include the visualization format of, e.g., the Biswas reference, for at least the purpose of allowing a user to further drill-down (e.g., Col. 10, Ll. 54-61 of Saxe) and determine which accounts are acceptable with greater precision. 

Regarding claim 5, Lefebvre-Saxe-Biswas discloses: The cyber-security system of claim 1, wherein the cyber-security privacy statement analysis system is further configured to: determine for each analyzed privacy policy whether the data being collected about the consumer is shared with at least one third party; and display the account of the consumer along with information regarding data about the consumer being shared with at least one third party.
Refer to at least Col. 14, Ll. 42-59 of Saxe with respect to identifying privacy policies and privacy policy information of third parties having information of a user for privacy scoring.
Refer to at least Col. 3, Ll. 27-40 of Saxe with respect to third party exposure; at least FIG. 7 and 10 of Saxe with respect to displaying the report.
This claim would have been obvious for substantially the same reasons as claim 1 above. 

Regarding claim 6, Lefebvre-Saxe-Biswas discloses: The cyber-security system of claim 1, wherein the cyber-security privacy statement analysis system is further configured to: determine if privacy policies of account of the consumer previously analyzed; and retrieve any identified previously analyzed privacy policies.
Refer to at least Col. 4, Ll. 1-25 and Col. 6, Ll. 4-13 of Saxe with respect to obtaining and storing private information. Refer to at least Col. 6, Ll. 64-Col. 7, Ll. 21 of Saxe with respect to periodic and/or on-demand collection. Refer to at least Col. 8, Ll. 34-35 of Saxe with respect to manual refresh.
Refer to at least [0031] of Biswas with respect to updating and continuous collection for policy information.
This claim would have been obvious for substantially the same reasons as claim 1 above. 

Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning display; the citations to Lefebvre concerning categorization).

Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 13 and 15, they are substantially similar to claims 5 and 8 above, and are therefore likewise rejected.

Regarding independent claim 16, it is substantially similar to independent claim 1 and elements of claim 5 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 18, it is substantially similar to claim 8 above, and are therefore likewise rejected.

Claim(s) 7, 14, 17, 2, and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lefebvre-Saxe-Biswas as applied to claims 1, 5-6, 8-9, 13, 15-16, and 18 above, and further in view of Barday (US 2017/0287030 A1).

Regarding claim 7, Lefebvre-Saxe-Biswas does not disclose: wherein the cyber-security account analysis system is further configured to: determine whether a breach has occurred in which the account of the consumer has been breached; and determine whether the breach has affected other accounts of the consumer. However, Lefebvre-Saxe-Biswas in view of Barday discloses: wherein the cyber-security account analysis system is further configured to: determine whether a breach has occurred in which the account of the consumer has been breached; and determine whether the breach has affected other accounts of the consumer.
Refer to at least [0003], [0006], and [0050] of Barday with respect to risk ratings associated with breaches.
The teachings of Barday relate to analysis and GUI display for privacy policy information, and as such, are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Lefebvre-Saxe-Biswas to further include breach information for at least the purpose of alerting a user if any of their associated accounts have a chance of having been compromised.

Regarding claims 14 and 17, they are substantially similar to claim 7 above, and are therefore likewise rejected.

Regarding claim 2, Lefebvre-Saxe-Biswas-Barday discloses: The cyber-security system of claim 1, wherein the cyber-security account analysis system is further configured to: monitor web browsing history information of the consumer; analyze the web browsing history of the consumer information to determine a group of businesses associated with the consumer; based on analyzing the web browsing history information of the consumer, generate a first separate list of businesses associated with the consumer; determine for each business associated with the consumer of the first separate list and the second separate list a likelihood that the consumer has an account with a business; based on the determined likelihood that each business represents an account of the consumer, generate a list of accounts associated with the consumer; analyze privacy polices associated with the generated list of accounts; generate for each analyzed privacy policy a list of data being collected about the consumer and associated purpose statements regarding use of databeing collected; and display the generated list of accounts along with the generated  list of data being collected and associated purpose statement regarding use of the data being collected.
Refer to at least [0084] of Barday with respect to internet usage history and associated PII and policies. 
Refer to at least the abstracts of Lefebvre and Barday with respect to displaying data for a user.
Refer to at least Col. 4, Ll. 1-25 of Saxe with respect to collected information.
monitor a web cache of the consumer; analyze the web cache of the consumer to determine a second group of businesses associated with the consumer; based on analyzing the web cache of the consumer, generate a second separate list of businesses associated with the consumer.
Refer to at least Col. 5, Ll. 20-27 of Saxe with respect to monitoring the user’s browser and associated cached trackers for collecting private information.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Lefebvre-Saxe-Biswas to further include analyzing browsing history for at least the purpose of enriching the collection of user information for privacy scoring, thereby helping to ensure privacy problems are better detected. 

Regarding claim 10, it is substantially similar to claim 2 above, and is therefore likewise rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432